linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] tools: hv: Netlink source address validation allows DoS
       [not found] <20121106152911.GA1591@kroah.com>
@ 2012-11-07  8:17 ` Tomas Hozza
  0 siblings, 0 replies; 6+ messages in thread
From: Tomas Hozza @ 2012-11-07  8:17 UTC (permalink / raw)
  To: gregkh, linux-kernel, devel, olaf, apw, jasowang, kys; +Cc: Tomas Hozza

The source code without this patch caused hypervkvpd to exit when it processed
a spoofed Netlink packet which has been sent from an untrusted local user.
Now Netlink messages with a non-zero nl_pid source address are ignored
and a warning is printed into the syslog.

Signed-off-by: Tomas Hozza <thozza@redhat.com>
---
 tools/hv/hv_kvp_daemon.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c
index 13c2a14..c1d9102 100755
--- a/tools/hv/hv_kvp_daemon.c
+++ b/tools/hv/hv_kvp_daemon.c
@@ -1486,13 +1486,19 @@ int main(void)
 		len = recvfrom(fd, kvp_recv_buffer, sizeof(kvp_recv_buffer), 0,
 				addr_p, &addr_l);
 
-		if (len < 0 || addr.nl_pid) {
+		if (len < 0) {
 			syslog(LOG_ERR, "recvfrom failed; pid:%u error:%d %s",
 					addr.nl_pid, errno, strerror(errno));
 			close(fd);
 			return -1;
 		}
 
+		if (addr.nl_pid) {
+			syslog(LOG_WARNING, "Received packet from untrusted pid:%u",
+					addr.nl_pid);
+			continue;
+		}
+
 		incoming_msg = (struct nlmsghdr *)kvp_recv_buffer;
 		incoming_cn_msg = (struct cn_msg *)NLMSG_DATA(incoming_msg);
 		hv_msg = (struct hv_kvp_msg *)incoming_cn_msg->data;
-- 
1.7.11.7


^ permalink raw reply related	[flat|nested] 6+ messages in thread
* [PATCH] tools: hv: Netlink source address validation allows DoS
@ 2012-11-08  9:53 Tomas Hozza
  2012-11-08 13:18 ` KY Srinivasan
  2012-11-15 23:39 ` Greg KH
  0 siblings, 2 replies; 6+ messages in thread
From: Tomas Hozza @ 2012-11-08  9:53 UTC (permalink / raw)
  To: gregkh, linux-kernel, devel, olaf, apw, jasowang, kys; +Cc: Tomas Hozza

The source code without this patch caused hypervkvpd to exit when it processed
a spoofed Netlink packet which has been sent from an untrusted local user.
Now Netlink messages with a non-zero nl_pid source address are ignored
and a warning is printed into the syslog.

Signed-off-by: Tomas Hozza <thozza@redhat.com>
---
 tools/hv/hv_kvp_daemon.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c
index 13c2a14..c1d9102 100755
--- a/tools/hv/hv_kvp_daemon.c
+++ b/tools/hv/hv_kvp_daemon.c
@@ -1486,13 +1486,19 @@ int main(void)
 		len = recvfrom(fd, kvp_recv_buffer, sizeof(kvp_recv_buffer), 0,
 				addr_p, &addr_l);
 
-		if (len < 0 || addr.nl_pid) {
+		if (len < 0) {
 			syslog(LOG_ERR, "recvfrom failed; pid:%u error:%d %s",
 					addr.nl_pid, errno, strerror(errno));
 			close(fd);
 			return -1;
 		}
 
+		if (addr.nl_pid) {
+			syslog(LOG_WARNING, "Received packet from untrusted pid:%u",
+					addr.nl_pid);
+			continue;
+		}
+
 		incoming_msg = (struct nlmsghdr *)kvp_recv_buffer;
 		incoming_cn_msg = (struct cn_msg *)NLMSG_DATA(incoming_msg);
 		hv_msg = (struct hv_kvp_msg *)incoming_cn_msg->data;
-- 
1.7.11.7


^ permalink raw reply related	[flat|nested] 6+ messages in thread
* RE: [PATCH] tools: hv: Netlink source address validation allows DoS
  2012-11-08  9:53 [PATCH] tools: hv: Netlink source address validation allows DoS Tomas Hozza
@ 2012-11-08 13:18 ` KY Srinivasan
  2012-11-15 23:39 ` Greg KH
  1 sibling, 0 replies; 6+ messages in thread
From: KY Srinivasan @ 2012-11-08 13:18 UTC (permalink / raw)
  To: Tomas Hozza, gregkh@linuxfoundation.org,
	linux-kernel@vger.kernel.org, devel@linuxdriverproject.org,
	olaf@aepfle.de, apw@canonical.com, jasowang@redhat.com



> -----Original Message-----
> From: Tomas Hozza [mailto:thozza@redhat.com]
> Sent: Thursday, November 08, 2012 4:53 AM
> To: gregkh@linuxfoundation.org; linux-kernel@vger.kernel.org;
> devel@linuxdriverproject.org; olaf@aepfle.de; apw@canonical.com;
> jasowang@redhat.com; KY Srinivasan
> Cc: Tomas Hozza
> Subject: [PATCH] tools: hv: Netlink source address validation allows DoS
> 
> The source code without this patch caused hypervkvpd to exit when it processed
> a spoofed Netlink packet which has been sent from an untrusted local user.
> Now Netlink messages with a non-zero nl_pid source address are ignored
> and a warning is printed into the syslog.
> 
> Signed-off-by: Tomas Hozza <thozza@redhat.com>
Acked-by:  K. Y. Srinivasan <kys@microsoft.com>

> ---
>  tools/hv/hv_kvp_daemon.c | 8 +++++++-
>  1 file changed, 7 insertions(+), 1 deletion(-)
> 
> diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c
> index 13c2a14..c1d9102 100755
> --- a/tools/hv/hv_kvp_daemon.c
> +++ b/tools/hv/hv_kvp_daemon.c
> @@ -1486,13 +1486,19 @@ int main(void)
>  		len = recvfrom(fd, kvp_recv_buffer, sizeof(kvp_recv_buffer), 0,
>  				addr_p, &addr_l);
> 
> -		if (len < 0 || addr.nl_pid) {
> +		if (len < 0) {
>  			syslog(LOG_ERR, "recvfrom failed; pid:%u error:%d %s",
>  					addr.nl_pid, errno, strerror(errno));
>  			close(fd);
>  			return -1;
>  		}
> 
> +		if (addr.nl_pid) {
> +			syslog(LOG_WARNING, "Received packet from untrusted
> pid:%u",
> +					addr.nl_pid);
> +			continue;
> +		}
> +
>  		incoming_msg = (struct nlmsghdr *)kvp_recv_buffer;
>  		incoming_cn_msg = (struct cn_msg
> *)NLMSG_DATA(incoming_msg);
>  		hv_msg = (struct hv_kvp_msg *)incoming_cn_msg->data;
> --
> 1.7.11.7
> 
> 



^ permalink raw reply	[flat|nested] 6+ messages in thread
* Re: [PATCH] tools: hv: Netlink source address validation allows DoS
  2012-11-08  9:53 [PATCH] tools: hv: Netlink source address validation allows DoS Tomas Hozza
  2012-11-08 13:18 ` KY Srinivasan
@ 2012-11-15 23:39 ` Greg KH
  2012-11-16  7:21   ` Tomas Hozza
  2012-11-18 14:21   ` Tomas Hozza
  1 sibling, 2 replies; 6+ messages in thread
From: Greg KH @ 2012-11-15 23:39 UTC (permalink / raw)
  To: Tomas Hozza; +Cc: linux-kernel, devel, olaf, apw, jasowang, kys

On Thu, Nov 08, 2012 at 10:53:29AM +0100, Tomas Hozza wrote:
> The source code without this patch caused hypervkvpd to exit when it processed
> a spoofed Netlink packet which has been sent from an untrusted local user.
> Now Netlink messages with a non-zero nl_pid source address are ignored
> and a warning is printed into the syslog.
> 
> Signed-off-by: Tomas Hozza <thozza@redhat.com>
> Acked-by:  K. Y. Srinivasan <kys@microsoft.com>
> ---
>  tools/hv/hv_kvp_daemon.c | 8 +++++++-
>  1 file changed, 7 insertions(+), 1 deletion(-)
> 
> diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c
> index 13c2a14..c1d9102 100755

Why are you setting a .c file to executable permissions?  Something is
really wrong here...

greg k-h

^ permalink raw reply	[flat|nested] 6+ messages in thread
* Re: [PATCH] tools: hv: Netlink source address validation allows DoS
  2012-11-15 23:39 ` Greg KH
@ 2012-11-16  7:21   ` Tomas Hozza
  2012-11-18 14:21   ` Tomas Hozza
  1 sibling, 0 replies; 6+ messages in thread
From: Tomas Hozza @ 2012-11-16  7:21 UTC (permalink / raw)
  To: Greg KH; +Cc: linux-kernel, devel, olaf, apw, jasowang, kys

----- Original Message -----
> On Thu, Nov 08, 2012 at 10:53:29AM +0100, Tomas Hozza wrote:
> > The source code without this patch caused hypervkvpd to exit when
> > it processed
> > a spoofed Netlink packet which has been sent from an untrusted
> > local user.
> > Now Netlink messages with a non-zero nl_pid source address are
> > ignored
> > and a warning is printed into the syslog.
> > 
> > Signed-off-by: Tomas Hozza <thozza@redhat.com>
> > Acked-by:  K. Y. Srinivasan <kys@microsoft.com>
> > ---
> >  tools/hv/hv_kvp_daemon.c | 8 +++++++-
> >  1 file changed, 7 insertions(+), 1 deletion(-)
> > 
> > diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c
> > index 13c2a14..c1d9102 100755
> 
> Why are you setting a .c file to executable permissions?  Something
> is really wrong here...

I'm sorry, this is a mistake and unfortunately I missed it.
Permissions should be 0644. Will check more carefully next time.

Regards,

Tomas Hozza

^ permalink raw reply	[flat|nested] 6+ messages in thread
* Re: [PATCH] tools: hv: Netlink source address validation allows DoS
  2012-11-15 23:39 ` Greg KH
  2012-11-16  7:21   ` Tomas Hozza
@ 2012-11-18 14:21   ` Tomas Hozza
  1 sibling, 0 replies; 6+ messages in thread
From: Tomas Hozza @ 2012-11-18 14:21 UTC (permalink / raw)
  To: Greg KH; +Cc: linux-kernel, devel, olaf, apw, jasowang, kys

Hello.

Just FYI there is already a CVE name CVE-2012-5532 for this issue.

Regards,
Tomas Hozza

----- Original Message -----
> On Thu, Nov 08, 2012 at 10:53:29AM +0100, Tomas Hozza wrote:
> > The source code without this patch caused hypervkvpd to exit when
> > it processed
> > a spoofed Netlink packet which has been sent from an untrusted
> > local user.
> > Now Netlink messages with a non-zero nl_pid source address are
> > ignored
> > and a warning is printed into the syslog.
> > 
> > Signed-off-by: Tomas Hozza <thozza@redhat.com>
> > Acked-by:  K. Y. Srinivasan <kys@microsoft.com>
> > ---
> >  tools/hv/hv_kvp_daemon.c | 8 +++++++-
> >  1 file changed, 7 insertions(+), 1 deletion(-)
> > 
> > diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c
> > index 13c2a14..c1d9102 100755
> 
> Why are you setting a .c file to executable permissions?  Something
> is
> really wrong here...
> 
> greg k-h
> 

^ permalink raw reply	[flat|nested] 6+ messages in thread
end of thread, other threads:[~2012-11-18 14:22 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-11-08  9:53 [PATCH] tools: hv: Netlink source address validation allows DoS Tomas Hozza
2012-11-08 13:18 ` KY Srinivasan
2012-11-15 23:39 ` Greg KH
2012-11-16  7:21   ` Tomas Hozza
2012-11-18 14:21   ` Tomas Hozza
     [not found] <20121106152911.GA1591@kroah.com>
2012-11-07  8:17 ` Tomas Hozza

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).