From: Vlad Yasevich <vyasevich@gmail.com>
To: Daniel Borkmann <dborkman@redhat.com>
Cc: davem@davemloft.net, linux-sctp@vger.kernel.org, netdev@vger.kernel.org
Subject: Re: [PATCH net] net: sctp: sctp_v6_get_dst: fix boolean test in dst cache
Date: Wed, 13 Feb 2013 01:13:08 +0000 [thread overview]
Message-ID: <511AE8A4.4060608@gmail.com> (raw)
In-Reply-To: <4a07201201d7bac08468d17dea3dbc1ea9a67205.1360709645.git.dborkman@redhat.com>
On 02/12/2013 06:30 PM, Daniel Borkmann wrote:
> We walk through the bind address list and try to get the best source
> address for a given destination. However, currently, we take the
> 'continue' path of the loop when an entry is invalid (!laddr->valid)
> *and* the entry state does not equal SCTP_ADDR_SRC (laddr->state !> SCTP_ADDR_SRC).
>
> Thus, still, invalid entries with SCTP_ADDR_SRC might not 'continue'
> as well as valid entries with SCTP_ADDR_{NEW, SRC, DEL}, with a possible
> false baddr and matchlen as a result, causing in worst case dst route
> to be false or possibly NULL.
>
> This test should actually be a '||' instead of '&&'. But lets fix it
> and make this a bit easier to read by having the condition the same way
> as similarly done in sctp_v4_get_dst.
>
> Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
It uses || everywhere else except this one case. I don't know what I
was thinking when I wrote that one.... :)
Acked-by: Vlad Yasevich <vyasevich@gmail.com>
> ---
> net/sctp/ipv6.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c
> index f3f0f4d..391a245 100644
> --- a/net/sctp/ipv6.c
> +++ b/net/sctp/ipv6.c
> @@ -326,9 +326,10 @@ static void sctp_v6_get_dst(struct sctp_transport *t, union sctp_addr *saddr,
> */
> rcu_read_lock();
> list_for_each_entry_rcu(laddr, &bp->address_list, list) {
> - if (!laddr->valid && laddr->state != SCTP_ADDR_SRC)
> + if (!laddr->valid)
> continue;
> - if ((laddr->a.sa.sa_family = AF_INET6) &&
> + if ((laddr->state = SCTP_ADDR_SRC) &&
> + (laddr->a.sa.sa_family = AF_INET6) &&
> (scope <= sctp_scope(&laddr->a))) {
> bmatchlen = sctp_v6_addr_match_len(daddr, &laddr->a);
> if (!baddr || (matchlen < bmatchlen)) {
>
WARNING: multiple messages have this Message-ID (diff)
From: Vlad Yasevich <vyasevich@gmail.com>
To: Daniel Borkmann <dborkman@redhat.com>
Cc: davem@davemloft.net, linux-sctp@vger.kernel.org, netdev@vger.kernel.org
Subject: Re: [PATCH net] net: sctp: sctp_v6_get_dst: fix boolean test in dst cache
Date: Tue, 12 Feb 2013 20:13:08 -0500 [thread overview]
Message-ID: <511AE8A4.4060608@gmail.com> (raw)
In-Reply-To: <4a07201201d7bac08468d17dea3dbc1ea9a67205.1360709645.git.dborkman@redhat.com>
On 02/12/2013 06:30 PM, Daniel Borkmann wrote:
> We walk through the bind address list and try to get the best source
> address for a given destination. However, currently, we take the
> 'continue' path of the loop when an entry is invalid (!laddr->valid)
> *and* the entry state does not equal SCTP_ADDR_SRC (laddr->state !=
> SCTP_ADDR_SRC).
>
> Thus, still, invalid entries with SCTP_ADDR_SRC might not 'continue'
> as well as valid entries with SCTP_ADDR_{NEW, SRC, DEL}, with a possible
> false baddr and matchlen as a result, causing in worst case dst route
> to be false or possibly NULL.
>
> This test should actually be a '||' instead of '&&'. But lets fix it
> and make this a bit easier to read by having the condition the same way
> as similarly done in sctp_v4_get_dst.
>
> Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
It uses || everywhere else except this one case. I don't know what I
was thinking when I wrote that one.... :)
Acked-by: Vlad Yasevich <vyasevich@gmail.com>
> ---
> net/sctp/ipv6.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c
> index f3f0f4d..391a245 100644
> --- a/net/sctp/ipv6.c
> +++ b/net/sctp/ipv6.c
> @@ -326,9 +326,10 @@ static void sctp_v6_get_dst(struct sctp_transport *t, union sctp_addr *saddr,
> */
> rcu_read_lock();
> list_for_each_entry_rcu(laddr, &bp->address_list, list) {
> - if (!laddr->valid && laddr->state != SCTP_ADDR_SRC)
> + if (!laddr->valid)
> continue;
> - if ((laddr->a.sa.sa_family == AF_INET6) &&
> + if ((laddr->state == SCTP_ADDR_SRC) &&
> + (laddr->a.sa.sa_family == AF_INET6) &&
> (scope <= sctp_scope(&laddr->a))) {
> bmatchlen = sctp_v6_addr_match_len(daddr, &laddr->a);
> if (!baddr || (matchlen < bmatchlen)) {
>
next prev parent reply other threads:[~2013-02-13 1:13 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <cover.1360709645.git.dborkman@redhat.com>
2013-02-12 23:30 ` [PATCH net] net: sctp: sctp_v6_get_dst: fix boolean test in dst cache Daniel Borkmann
2013-02-12 23:30 ` Daniel Borkmann
2013-02-13 1:13 ` Vlad Yasevich [this message]
2013-02-13 1:13 ` Vlad Yasevich
2013-02-13 12:02 ` Neil Horman
2013-02-13 12:02 ` Neil Horman
2013-02-13 18:42 ` David Miller
2013-02-13 18:42 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=511AE8A4.4060608@gmail.com \
--to=vyasevich@gmail.com \
--cc=davem@davemloft.net \
--cc=dborkman@redhat.com \
--cc=linux-sctp@vger.kernel.org \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.