From: Alexander Aring <alex.aring@gmail.com>
To: Martin Townsend <mtownsend1973@gmail.com>
Cc: linux-zigbee-devel@lists.sourceforge.net,
linux-bluetooth@vger.kernel.org, linux-wpan@vger.kernel.org,
marcel@holtmann.org, Martin Townsend <martin.townsend@xsilon.com>
Subject: Re: [PATCH][linux-bluetooth 3/3] 6lowpan: Refactored lowpan_rcv so it's RFC compliant
Date: Thu, 11 Sep 2014 11:21:11 +0200 [thread overview]
Message-ID: <20140911092110.GA20541@omega> (raw)
In-Reply-To: <20140911090950.GD19675@omega>
On Thu, Sep 11, 2014 at 11:09:50AM +0200, Alexander Aring wrote:
> Hi Martin,
>
> On Thu, Sep 11, 2014 at 10:53:53AM +0200, Alexander Aring wrote:
> ...
> >
> > I know this issue and we should not do that in this way.
> >
> > Why?
> >
> > Because this works only for fragmentation with IPHC, for example if we
> > support mesh or Broadcast or HC1 compression. We should call after
> > successfully reassembled "means lowpan_frag_rcv returns 1" the lowpan_rcv again.
> > So this is a recursion and we don't should use recursion to much, but it
> > should only be one recursion, so I think that's okay. :-)
> >
>
> I reconsider about that, this is not okay. A attacker can send data to
> occur this stack overflow...
>
> We need another solution for this. Maybe your current one, but handling
> fragmentation at the beginning and then evaulate dispatch values.
>
I look more in RFC 4944, it seems that mesh and BC0 and MESH always fits
into a single fragmentation... but they don't say anything about max
value and if we have encryption on... I am not sure now if there is a case
where this can happen or not. Simple -> check fragmentation if
fragmentation then goahead until it's reassembled. After reassembled
check for all other dispatch values.
This should be sure that we handle all packets if fragmented or not.
- Alex
next prev parent reply other threads:[~2014-09-11 9:21 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-09-10 14:06 [PATCH][linux-bluetooth 0/3] Fix lowpan_rcv Martin Townsend
2014-09-10 14:06 ` Martin Townsend
2014-09-10 14:06 ` [PATCH][linux-bluetooth 1/3] 6lowpan: skb freed locally from lowpan_rcv Martin Townsend
2014-09-11 7:58 ` Alexander Aring
2014-09-11 8:07 ` Alexander Aring
2014-09-11 8:32 ` Martin Townsend
2014-09-10 14:06 ` [PATCH][linux-bluetooth 2/3] 6lowpan: Move skb delivery from IPHC Martin Townsend
2014-09-11 8:18 ` Alexander Aring
2014-09-11 8:25 ` Martin Townsend
2014-09-11 9:01 ` Alexander Aring
2014-09-11 9:33 ` Martin Townsend
2014-09-11 9:53 ` Alexander Aring
2014-09-11 10:12 ` Martin Townsend
2014-09-11 10:25 ` Alexander Aring
2014-09-12 9:18 ` Jukka Rissanen
2014-09-11 14:11 ` Marcel Holtmann
2014-09-10 14:06 ` [PATCH][linux-bluetooth 3/3] 6lowpan: Refactored lowpan_rcv so it's RFC compliant Martin Townsend
2014-09-11 8:53 ` Alexander Aring
2014-09-11 9:09 ` Alexander Aring
2014-09-11 9:21 ` Alexander Aring [this message]
2014-09-11 9:30 ` Martin Townsend
2014-09-11 9:50 ` Alexander Aring
2014-09-11 10:09 ` Martin Townsend
2014-09-11 10:09 ` Martin Townsend
2014-09-11 10:33 ` Alexander Aring
2014-09-11 10:45 ` Martin Townsend
2014-09-11 10:55 ` Alexander Aring
2014-09-11 11:00 ` Alexander Aring
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140911092110.GA20541@omega \
--to=alex.aring@gmail.com \
--cc=linux-bluetooth@vger.kernel.org \
--cc=linux-wpan@vger.kernel.org \
--cc=linux-zigbee-devel@lists.sourceforge.net \
--cc=marcel@holtmann.org \
--cc=martin.townsend@xsilon.com \
--cc=mtownsend1973@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.