From: Greg KH <greg@kroah.com>
To: ljungmark@modio.se
Cc: "security@kernel.org" <security@kernel.org>,
security <security@android.com>,
netdev@vger.kernel.org
Subject: Re: Responsible Disclosure
Date: Tue, 24 Mar 2015 20:55:17 +0100 [thread overview]
Message-ID: <20150324195517.GB10851@kroah.com> (raw)
In-Reply-To: <1427225461.3276.1.camel@takeit.se>
On Tue, Mar 24, 2015 at 08:31:01PM +0100, D. S. Ljungmark wrote:
>
> This patch prevents a link-local DoS against ipv6.
>
>
> To exploit, push an RA packet without any routing information, but with
> the hop limit reduced to 1.
>
> //D.S. Ljungmark
>
>
>
>
>
>
> diff -urw linux-3.18.7-200.fc21.x86_64/net/ipv6/ndisc.c linux-3.18.7-200.fc21.x86_64/net/ipv6/ndisc.c
> --- linux-3.18.7-200.fc21.x86_64/net/ipv6/ndisc.c 2015-03-08 13:01:36.567000000 -0400
> +++ linux-3.18.7-200.fc21.x86_64/net/ipv6/ndisc.c 2015-03-08 12:50:55.446000000 -0400
> @@ -1215,7 +1215,15 @@
> if (rt)
> rt6_set_expires(rt, jiffies + (HZ * lifetime));
> if (ra_msg->icmph.icmp6_hop_limit) {
> + /*
> + * Only set hop_limit on the interface if it is higher than the current hop_limit.
> + * Prevents silly routes with hop_limit 1 from affecting everyone.
> + */
> + if (in6_dev->cnf.hop_limit < ra_msg->icmph.icmp6_hop_limit) {
> in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
> + } else {
> + ND_PRINTK(2, warn, "RA: Got route advertisement with lower hop_limit than current\n");
> + }
> if (rt)
> dst_metric_set(&rt->dst, RTAX_HOPLIMIT,
> ra_msg->icmph.icmp6_hop_limit);
Please submit this in a form that can be applied.
Take a look at Documentation/SubmittingPatches for the proper format.
Also, you are messing with the coding style here for no reason (hint,
indent after the if, and wrap your lines properly.)
Can you fix that up, and resend, starting a new email thread, netdev
doesn't care about the prior subject, you need to pick a proper one for
the patch.
thanks,
greg k-h
next prev parent reply other threads:[~2015-03-24 19:55 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <1425861908.8414.12.camel@modio.se>
[not found] ` <20150309054916.GA8575@kroah.com>
[not found] ` <1427153139.14059.2.camel@takeit.se>
[not found] ` <20150324184517.GA24177@kroah.com>
2015-03-24 19:31 ` Responsible Disclosure D. S. Ljungmark
2015-03-24 19:55 ` Greg KH [this message]
2015-03-24 22:09 ` Hannes Frederic Sowa
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150324195517.GB10851@kroah.com \
--to=greg@kroah.com \
--cc=ljungmark@modio.se \
--cc=netdev@vger.kernel.org \
--cc=security@android.com \
--cc=security@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).