From: Tomas Hozza <thozza@redhat.com>
To: gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org,
	devel@linuxdriverproject.org, apw@canonical.com,
	jasowang@redhat.com
Cc: Olaf Hering <olaf@aepfle.de>, KY Srinivasan <kys@microsoft.com>
Subject: [PATCH] tools/hv/hv_kvp_daemon.c: Netlink source address validation allows DoS
Date: Tue, 6 Nov 2012 10:21:01 -0500 (EST)
Message-ID: <165383498.7447465.1352215261695.JavaMail.root@redhat.com>
In-Reply-To: <456703059.7446523.1352215033661.JavaMail.root@redhat.com>

Hi.

After discussion with KY Srinivasan and Olaf Hering I'm sending you
a patch for the HyperV KVP daemon distributed in linux kernel
"tools/hv/hv_kvp_daemon.c".

There is an issue in the current daemon source causing the Hyper-V KVP daemon
to exit when it processes a spoofed Netlink packet sent from an untrusted
local user.

This patch fixes this, so that Netlink messages with a non-zero nl_pid
source address are now just ignored.


Regards,

Tomas Hozza
Associate Software Engineer
BaseOS - Brno, CZ

[-- Attachment #2: 0001-Netlink-source-address-validation-allows-DoS.patch --]

From 6199072f8131056efce208f04e6985d1f9968d8e Mon Sep 17 00:00:00 2001
From: Tomas Hozza <thozza@redhat.com>
Date: Mon, 5 Nov 2012 10:08:16 +0100
Subject: [PATCH] Netlink source address validation allows DoS

The source code without this patch caused hypervkvpd to exit when it processed
a spoofed Netlink packet that had been sent from an untrusted local user.
Netlink messages with a non-zero nl_pid source address should just be ignored.
---
 tools/hv/hv_kvp_daemon.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c
index 3ea3af2..7d74497 100755
--- a/tools/hv/hv_kvp_daemon.c
+++ b/tools/hv/hv_kvp_daemon.c
@@ -1478,13 +1478,19 @@ int main(void)
 		len = recvfrom(fd, kvp_recv_buffer, sizeof(kvp_recv_buffer), 0,
 				addr_p, &addr_l);
 
-		if (len < 0 || addr.nl_pid) {
+		if (len < 0) {
 			syslog(LOG_ERR, "recvfrom failed; pid:%u error:%d %s",
 					addr.nl_pid, errno, strerror(errno));
 			close(fd);
 			return -1;
 		}
 
+		if (addr.nl_pid) {
+			syslog(LOG_WARNING, "Received packet from untrusted pid:%u",
+					addr.nl_pid);
+			continue;
+		}
+
 		incoming_msg = (struct nlmsghdr *)kvp_recv_buffer;
 		incoming_cn_msg = (struct cn_msg *)NLMSG_DATA(incoming_msg);
 		hv_msg = (struct hv_kvp_msg *)incoming_cn_msg->data;
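Review bot: the new `if (addr.nl_pid)` branch emits a `syslog(LOG_WARNING, "Received packet from untrusted pid:%u", ...)` line for every datagram before `continue`, so the same unprivileged local sender that could previously make the daemon exit can now write to syslog at whatever rate it likes; consider rate-limiting that message (for example, log the first occurrence per pid at LOG_WARNING and the rest at LOG_DEBUG). Separately, once the branch is passed the buffer is still cast to `struct nlmsghdr` and `NLMSG_DATA()` is taken on it with no check in this hunk that `len` actually covers the header; an `if (!NLMSG_OK(incoming_msg, len)) continue;` next to the new test would make the drop path complete.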
-- 
1.7.11.7
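As an added example, not code from the hv_kvp_daemon patch above or from the kernel tree: a C receive path for a NETLINK_CONNECTOR daemon that applies the same rule the patch introduces (drop any datagram whose netlink source port id is non-zero, and keep running) and additionally checks with NLMSG_OK() that the datagram holds a complete netlink header before anything is cast into it. The rule works because the kernel stamps the sending socket's own port id into the source address, so only kernel-generated messages arrive with nl_pid == 0 and an unprivileged user's socket cannot forge that. The function names classify_nl_datagram, recv_one and sample_verdict, the buffer size, and the sample datagrams are this example's assumptions; the samples are constructed, not captured traffic.

```c
/* Added example: hardened netlink receive path for a connector-based daemon.
 * Not code from the hv_kvp_daemon patch; names and sample inputs are assumed. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <linux/netlink.h>

#define RECV_BUF_SIZE 4096   /* assumed receive buffer size */

enum nl_verdict {
    NL_ACCEPT = 0,           /* kernel-originated, header intact: process it */
    NL_IGNORE_UNTRUSTED = 1, /* unicast from a user-space socket: drop, keep running */
    NL_IGNORE_SHORT = 2,     /* datagram does not hold a valid nlmsghdr: drop */
    NL_FATAL = 3             /* recvfrom() itself failed */
};

/*
 * Decide what to do with one datagram. The kernel fills addr->nl_pid with the
 * sending socket's port id, so only messages generated by the kernel itself
 * carry nl_pid == 0; a local user's own NETLINK_CONNECTOR socket can unicast
 * to the daemon's port but cannot make its nl_pid read as zero. Anything with
 * a non-zero nl_pid is dropped, and the header is length-checked before any
 * cast into the payload.
 */
enum nl_verdict classify_nl_datagram(ssize_t len,
                                     const struct sockaddr_nl *addr,
                                     socklen_t addr_len,
                                     const void *buf)
{
    const struct nlmsghdr *nlh = buf;

    if (len < 0)
        return NL_FATAL;
    if (addr_len < sizeof(*addr) || addr->nl_family != AF_NETLINK ||
        addr->nl_pid != 0)
        return NL_IGNORE_UNTRUSTED;
    if (!NLMSG_OK(nlh, len))
        return NL_IGNORE_SHORT;
    return NL_ACCEPT;
}

/* One iteration of a daemon's receive loop: read a datagram, classify it, and
 * leave the decision (continue / process / exit) to the caller. */
enum nl_verdict recv_one(int fd, void *buf, size_t bufsz, ssize_t *len_out)
{
    struct sockaddr_nl addr;
    socklen_t addr_len = sizeof(addr);
    ssize_t len;

    memset(&addr, 0, sizeof(addr));
    len = recvfrom(fd, buf, bufsz, 0, (struct sockaddr *)&addr, &addr_len);
    if (len < 0)
        fprintf(stderr, "recvfrom failed: %s\n", strerror(errno));
    *len_out = len;
    return classify_nl_datagram(len, &addr, addr_len, buf);
}

/* Constructed sample (not captured traffic): a datagram whose netlink header
 * claims `claimed_len` bytes, received as `recv_len` bytes from `sender_pid`. */
enum nl_verdict sample_verdict(uint32_t sender_pid, uint32_t claimed_len,
                               ssize_t recv_len)
{
    union { struct nlmsghdr h; unsigned char raw[RECV_BUF_SIZE]; } msg;
    struct sockaddr_nl addr;

    memset(&msg, 0, sizeof(msg));
    msg.h.nlmsg_len = claimed_len;
    msg.h.nlmsg_type = NLMSG_DONE;
    memset(&addr, 0, sizeof(addr));
    addr.nl_family = AF_NETLINK;
    addr.nl_pid = sender_pid;
    return classify_nl_datagram(recv_len, &addr, sizeof(addr), msg.raw);
}

int main(void)
{
    static const char *names[] = { "accept", "ignore-untrusted",
                                   "ignore-short", "fatal" };
    printf("kernel, intact header   -> %s\n", names[sample_verdict(0, 32, 32)]);
    printf("user pid 4242, intact   -> %s\n", names[sample_verdict(4242, 32, 32)]);
    printf("kernel, truncated read  -> %s\n", names[sample_verdict(0, 32, 8)]);
    printf("kernel, oversized claim -> %s\n", names[sample_verdict(0, 200, 32)]);
    printf("recvfrom error          -> %s\n", names[sample_verdict(0, 32, -1)]);
    return 0;
}
```

Unlike the patch, which logs and continues inside the loop, this version hands a verdict back to the caller so the caller can decide how loudly to log an untrusted sender (a local user can otherwise fill syslog one line per datagram) and only treats a recvfrom() failure, not a spoofed message, as a reason to exit.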


Thread overview:
     [not found] <456703059.7446523.1352215033661.JavaMail.root@redhat.com>
2012-11-06 15:21 ` Tomas Hozza [this message]
2012-11-06 15:30   ` [PATCH] tools/hv/hv_kvp_daemon.c: Netlink source address validation allows DoS KY Srinivasan
2012-11-06 19:54     ` Tomas Hozza
2012-11-06 19:58       ` KY Srinivasan