From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Nuernberger, Stefan" <snu@amazon.de>
Subject: Re: [PATCH net] net/ipv4: defensive cipso option parsing
Date: Mon, 17 Sep 2018 18:02:29 +0000
Message-ID: <1537207349.7627.32.camel@amazon.de>
References: <20180917151149.22231-1-snu@amazon.com>
         <CAHC9VhQ+VKPFmx3R7Ty60KAJhiZwnc2-ZKRYG9w2NSAH7vgnoQ@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Cc: "netdev@vger.kernel.org" <netdev@vger.kernel.org>,
        "Nuernberger, Stefan" <snu@amazon.de>,
        "yujuan.qi@mediatek.com" <yujuan.qi@mediatek.com>,
        "Shah, Amit" <aams@amazon.de>,
        "stable@vger.kernel.org" <stable@vger.kernel.org>
To: "paul@paul-moore.com" <paul@paul-moore.com>
Return-path: <netdev-owner@vger.kernel.org>
Received: from smtp-fw-9102.amazon.com ([207.171.184.29]:21668 "EHLO
        smtp-fw-9102.amazon.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726795AbeIQXbB (ORCPT
        <rfc822;netdev@vger.kernel.org>); Mon, 17 Sep 2018 19:31:01 -0400
In-Reply-To: <CAHC9VhQ+VKPFmx3R7Ty60KAJhiZwnc2-ZKRYG9w2NSAH7vgnoQ@mail.gmail.com>
Content-Language: en-US
Content-ID: <E8732ED59FB09F4F83D6744D06EB3ED4@amazon.com>
Sender: netdev-owner@vger.kernel.org
List-ID: <netdev.vger.kernel.org>

T24gTW9uLCAyMDE4LTA5LTE3IGF0IDEyOjM1IC0wNDAwLCBQYXVsIE1vb3JlIHdyb3RlOg0KPiBP
biBNb24sIFNlcCAxNywgMjAxOCBhdCAxMToxMiBBTSBTdGVmYW4gTnVlcm5iZXJnZXIgPHNudUBh
bWF6b24uY29tPg0KPiB3cm90ZToNCj4gPiANCj4gPiBjb21taXQgNDA0MTM5NTVlZTI2ICgiQ2lw
c286IGNpcHNvX3Y0X29wdHB0ciBlbnRlciBpbmZpbml0ZSBsb29wIikNCj4gPiBmaXhlZA0KPiA+
IGEgcG9zc2libGUgaW5maW5pdGUgbG9vcCBpbiB0aGUgSVAgb3B0aW9uIHBhcnNpbmcgb2YgQ0lQ
U08uIFRoZSBmaXgNCj4gPiBhc3N1bWVzIHRoYXQgaXBfb3B0aW9uc19jb21waWxlIGZpbHRlcmVk
IG91dCBhbGwgemVybyBsZW5ndGgNCj4gPiBvcHRpb25zIGFuZA0KPiA+IHRoYXQgbm8gb3RoZXIg
b25lLWJ5dGUgb3B0aW9ucyBiZXNpZGUgSVBPUFRfRU5EIGFuZCBJUE9QVF9OT09QDQo+ID4gZXhp
c3QuDQo+ID4gV2hpbGUgdGhpcyBhc3N1bXB0aW9uIGN1cnJlbnRseSBob2xkcyB0cnVlLCBhZGQg
ZXhwbGljaXQgY2hlY2tzIGZvcg0KPiA+IHplcm8NCj4gPiBsZW5ndGggYW5kIGludmFsaWQgbGVu
Z3RoIG9wdGlvbnMgdG8gYmUgc2FmZSBmb3IgdGhlIGZ1dHVyZS4gRXZlbg0KPiA+IHRob3VnaA0K
PiA+IGlwX29wdGlvbnNfY29tcGlsZSBzaG91bGQgaGF2ZSB2YWxpZGF0ZWQgdGhlIG9wdGlvbnMs
IHRoZQ0KPiA+IGludHJvZHVjdGlvbiBvZg0KPiA+IG5ldyBvbmUtYnl0ZSBvcHRpb25zIGNhbiBz
dGlsbCBjb25mdXNlIHRoaXMgY29kZSB3aXRob3V0IHRoZQ0KPiA+IGFkZGl0aW9uYWwNCj4gPiBj
aGVja3MuDQo+ID4gDQo+ID4gU2lnbmVkLW9mZi1ieTogU3RlZmFuIE51ZXJuYmVyZ2VyIDxzbnVA
YW1hem9uLmNvbT4NCj4gPiBSZXZpZXdlZC1ieTogRGF2aWQgV29vZGhvdXNlIDxkd213QGFtYXpv
bi5jby51az4NCj4gPiBSZXZpZXdlZC1ieTogU2ltb24gVmVpdGggPHN2ZWl0aEBhbWF6b24uZGU+
DQo+ID4gQ2M6IHN0YWJsZUB2Z2VyLmtlcm5lbC5vcmcNCj4gPiAtLS0NCj4gPiDCoG5ldC9pcHY0
L2NpcHNvX2lwdjQuYyB8IDEwICsrKysrKysrLS0NCj4gPiDCoDEgZmlsZSBjaGFuZ2VkLCA4IGlu
c2VydGlvbnMoKyksIDIgZGVsZXRpb25zKC0pDQo+ID4gDQo+ID4gZGlmZiAtLWdpdCBhL25ldC9p
cHY0L2NpcHNvX2lwdjQuYyBiL25ldC9pcHY0L2NpcHNvX2lwdjQuYw0KPiA+IGluZGV4IDgyMTc4
Y2M2OWM5Ni4uZjI5MWI1N2I4NDc0IDEwMDY0NA0KPiA+IC0tLSBhL25ldC9pcHY0L2NpcHNvX2lw
djQuYw0KPiA+ICsrKyBiL25ldC9pcHY0L2NpcHNvX2lwdjQuYw0KPiA+IEBAIC0xNTEyLDcgKzE1
MTIsNyBAQCBzdGF0aWMgaW50IGNpcHNvX3Y0X3BhcnNldGFnX2xvYyhjb25zdCBzdHJ1Y3QNCj4g
PiBjaXBzb192NF9kb2kgKmRvaV9kZWYsDQo+ID4gwqAgKg0KPiA+IMKgICogRGVzY3JpcHRpb246
DQo+ID4gwqAgKiBQYXJzZSB0aGUgcGFja2V0J3MgSVAgaGVhZGVyIGxvb2tpbmcgZm9yIGEgQ0lQ
U08NCj4gPiBvcHRpb24uwqDCoFJldHVybnMgYSBwb2ludGVyDQo+ID4gLSAqIHRvIHRoZSBzdGFy
dCBvZiB0aGUgQ0lQU08gb3B0aW9uIG9uIHN1Y2Nlc3MsIE5VTEwgaWYgb25lIGlmIG5vdA0KPiA+
IGZvdW5kLg0KPiA+ICsgKiB0byB0aGUgc3RhcnQgb2YgdGhlIENJUFNPIG9wdGlvbiBvbiBzdWNj
ZXNzLCBOVUxMIGlmIG9uZSBpcyBub3QNCj4gPiBmb3VuZC4NCj4gPiDCoCAqDQo+ID4gwqAgKi8N
Cj4gPiDCoHVuc2lnbmVkIGNoYXIgKmNpcHNvX3Y0X29wdHB0cihjb25zdCBzdHJ1Y3Qgc2tfYnVm
ZiAqc2tiKQ0KPiA+IEBAIC0xNTIyLDkgKzE1MjIsMTEgQEAgdW5zaWduZWQgY2hhciAqY2lwc29f
djRfb3B0cHRyKGNvbnN0IHN0cnVjdA0KPiA+IHNrX2J1ZmYgKnNrYikNCj4gPiDCoMKgwqDCoMKg
wqDCoMKgaW50IG9wdGxlbjsNCj4gPiDCoMKgwqDCoMKgwqDCoMKgaW50IHRhZ2xlbjsNCj4gPiAN
Cj4gPiAtwqDCoMKgwqDCoMKgwqBmb3IgKG9wdGxlbiA9IGlwaC0+aWhsKjQgLSBzaXplb2Yoc3Ry
dWN0IGlwaGRyKTsgb3B0bGVuID4NCj4gPiAwOyApIHsNCj4gPiArwqDCoMKgwqDCoMKgwqBmb3Ig
KG9wdGxlbiA9IGlwaC0+aWhsKjQgLSBzaXplb2Yoc3RydWN0IGlwaGRyKTsgb3B0bGVuID4NCj4g
PiAxOyApIHsNCj4gPiDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoHN3aXRjaCAob3B0
cHRyWzBdKSB7DQo+ID4gwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqBjYXNlIElQT1BU
X0NJUFNPOg0KPiA+ICvCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDC
oMKgaWYgKCFvcHRwdHJbMV0gfHwgb3B0cHRyWzFdID4gb3B0bGVuKQ0KPiA+ICvCoMKgwqDCoMKg
wqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoHJldHVy
biBOVUxMOw0KPiA+IMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKg
wqDCoHJldHVybiBvcHRwdHI7DQo+ID4gwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqBj
YXNlIElQT1BUX0VORDoNCj4gPiDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDC
oMKgwqDCoMKgwqByZXR1cm4gTlVMTDsNCj4gPiBAQCAtMTUzNCw2ICsxNTM2LDEwIEBAIHVuc2ln
bmVkIGNoYXIgKmNpcHNvX3Y0X29wdHB0cihjb25zdCBzdHJ1Y3QNCj4gPiBza19idWZmICpza2Ip
DQo+ID4gwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqBkZWZhdWx0Og0KPiA+IMKgwqDC
oMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoHRhZ2xlbiA9IG9wdHB0
clsxXTsNCj4gPiDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoH0NCj4gPiArDQo+ID4g
K8KgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoGlmICghdGFnbGVuIHx8IHRhZ2xlbiA+IG9w
dGxlbikNCj4gPiArwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDC
oGJyZWFrOw0KPiBJIHRlbmQgdG8gdGhpbmsgdGhhdCB5b3UgcmVhY2ggYSBwb2ludCB3aGVyZSB5
b3Ugc2ltcGx5IG5lZWQgdG8gdHJ1c3QNCj4gdGhhdCB0aGUgc3RhY2sgaXMgZG9pbmcgdGhlIHJp
Z2h0IHRoaW5nIGFuZCB0aGF0IGJ5IHRoZSB0aW1lIHlvdSBoaXQNCj4gYQ0KPiBjZXJ0YWluIHBv
aW50IHlvdSBjYW4gc2FmZWx5IGFzc3VtZSB0aGF0IHRoZSBwYWNrZXQgaXMgd2VsbCBmb3JtZWQs
DQo+IGJ1dCBJJ20gbm90IGdvaW5nIHRvIGZpZ2h0IGFib3V0IHRoYXQgaGVyZS4NCj4gDQo+IFJl
Z2FyZGxlc3Mgb2YgdGhlIGFib3ZlLCBJIGRvbid0IGxpa2UgaG93IHlvdSdyZSBkb2luZyB0aGUg
b3B0aW9uDQo+IGxlbmd0aCBjaGVjayB0d2ljZSBpbiB0aGlzIGNvZGUsIHRoYXQgbG9va3MgdWds
eSB0byBtZSwgSSB0aGluayB3ZQ0KPiBjYW4NCj4gZG8gYmV0dGVyLsKgwqBIb3cgYWJvdXQgc29t
ZXRoaW5nIGxpa2UgdGhpczoNCj4gDQo+IMKgIGZvciAoLi4uKSB7DQo+IMKgwqDCoMKgc3dpdGNo
KG9wdHB0clswXSkgew0KPiDCoMKgwqDCoGNhc2UgSVBPUFRfRU5EOg0KPiDCoMKgwqDCoMKgwqBy
ZXR1cm4gTlVMTDsNCj4gwqDCoMKgwqBjYXNlIElQT1BUX05PT1A6DQo+IMKgwqDCoMKgwqDCoHRh
Z2xlbiA9IDE7DQo+IMKgwqDCoMKgZGVmYXVsdDoNCj4gwqDCoMKgwqDCoMKgdGFnbGVuID0gb3B0
cHRyWzFdOw0KPiDCoMKgwqDCoH0NCj4gwqDCoMKgwqBpZiAodGFnbGVuID09IDAgfHwgdGFnbGVu
ID4gb3B0bGVuKQ0KPiDCoMKgwqDCoMKgwqByZXR1cm4gTlVMTDsNCj4gwqDCoMKgwqBpZiAob3B0
cHRyWzBdID09IElQT1BUX0NJUFNPKQ0KPiDCoMKgwqDCoMKgwqByZXR1cm4gb3B0cHRyOw0KPiDC
oMKgwqDCoC4uLi4NCj4gwqAgfQ0KPiANCg0KWW91J3JlIHJpZ2h0LCB0aGF0IGxvb2tzIG11Y2gg
YmV0dGVyLiBJIHNlbnQgYXJvdW5kIGEgbmV3IHBhdGNoLg0KDQo+ID4gDQo+ID4gwqDCoMKgwqDC
oMKgwqDCoMKgwqDCoMKgwqDCoMKgwqBvcHRsZW4gLT0gdGFnbGVuOw0KPiA+IMKgwqDCoMKgwqDC
oMKgwqDCoMKgwqDCoMKgwqDCoMKgb3B0cHRyICs9IHRhZ2xlbjsNCj4gPiDCoMKgwqDCoMKgwqDC
oMKgfQ0KDQoNCkFtYXpvbiBEZXZlbG9wbWVudCBDZW50ZXIgR2VybWFueSBHbWJICkJlcmxpbiAt
IERyZXNkZW4gLSBBYWNoZW4KbWFpbiBvZmZpY2U6IEtyYXVzZW5zdHIuIDM4LCAxMDExNyBCZXJs
aW4KR2VzY2hhZWZ0c2Z1ZWhyZXI6IERyLiBSYWxmIEhlcmJyaWNoLCBDaHJpc3RpYW4gU2NobGFl
Z2VyClVzdC1JRDogREUyODkyMzc4NzkKRWluZ2V0cmFnZW4gYW0gQW10c2dlcmljaHQgQ2hhcmxv
dHRlbmJ1cmcgSFJCIDE0OTE3MyBCCg==