* [gentoo-commits] gentoo-x86 commit in net-misc/batman-adv/files: batman-adv-2013.0.0-0004-Fix-NULL-pointer-dereference-in-DAT-hash-.patch batman-adv-2013.0.0-0001-fix-skb-leak-in-batadv_dat_snoop_incoming.patch batman-adv-2013.0.0-0002-check-for-more-types-of-invalid-IP-addres.patch batman-adv-2013.0.0-0003-filter-ARP-packets-with-invalid-MAC-addre.patch
@ 2013-02-17 21:57 Michael Weber (xmw)
0 siblings, 0 replies; 2+ messages in thread
From: Michael Weber (xmw) @ 2013-02-17 21:57 UTC (permalink / raw
To: gentoo-commits
xmw 13/02/17 21:57:32
Added:
batman-adv-2013.0.0-0004-Fix-NULL-pointer-dereference-in-DAT-hash-.patch
batman-adv-2013.0.0-0001-fix-skb-leak-in-batadv_dat_snoop_incoming.patch
batman-adv-2013.0.0-0002-check-for-more-types-of-invalid-IP-addres.patch
batman-adv-2013.0.0-0003-filter-ARP-packets-with-invalid-MAC-addre.patch
Log:
Version bump to patchset of Feb 15th. Thanks Antonio Quartulli, bug 457826.
(Portage version: 2.2.0_alpha163/cvs/Linux x86_64, signed Manifest commit with key 62EEF090)
Revision Changes Path
1.1 net-misc/batman-adv/files/batman-adv-2013.0.0-0004-Fix-NULL-pointer-dereference-in-DAT-hash-.patch
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/batman-adv/files/batman-adv-2013.0.0-0004-Fix-NULL-pointer-dereference-in-DAT-hash-.patch?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/batman-adv/files/batman-adv-2013.0.0-0004-Fix-NULL-pointer-dereference-in-DAT-hash-.patch?rev=1.1&content-type=text/plain
Index: batman-adv-2013.0.0-0004-Fix-NULL-pointer-dereference-in-DAT-hash-.patch
===================================================================
From 9f1fb6914d66e282c2b1f51aa2d4a231c84df84d Mon Sep 17 00:00:00 2001
From: Pau Koning <paukoning@gmail.com>
Date: Fri, 15 Feb 2013 00:18:56 +0100
Subject: [PATCH 4/4] batman-adv: Fix NULL pointer dereference in DAT hash
collision avoidance
An entry in DAT with the hashed position of 0 can cause a NULL pointer
dereference when the first entry is checked by batadv_choose_next_candidate.
This first candidate automatically has the max value of 0 and the max_orig_node
of NULL. Not checking max_orig_node for NULL in batadv_is_orig_node_eligible
will lead to a NULL pointer dereference when checking for the lowest address.
This problem was added in 785ea1144182c341b8b85b0f8180291839d176a8
("batman-adv: Distributed ARP Table - create DHT helper functions").
Signed-off-by: Pau Koning <paukoning@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
---
distributed-arp-table.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/distributed-arp-table.c b/distributed-arp-table.c
index ea0bd31..761a590 100644
--- a/distributed-arp-table.c
+++ b/distributed-arp-table.c
@@ -440,7 +440,7 @@ static bool batadv_is_orig_node_eligible(struct batadv_dat_candidate *res,
/* this is an hash collision with the temporary selected node. Choose
* the one with the lowest address
*/
- if ((tmp_max == max) &&
+ if ((tmp_max == max) && max_orig_node &&
(batadv_compare_eth(candidate->orig, max_orig_node->orig) > 0))
goto out;
--
1.8.1.2
1.1 net-misc/batman-adv/files/batman-adv-2013.0.0-0001-fix-skb-leak-in-batadv_dat_snoop_incoming.patch
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/batman-adv/files/batman-adv-2013.0.0-0001-fix-skb-leak-in-batadv_dat_snoop_incoming.patch?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/batman-adv/files/batman-adv-2013.0.0-0001-fix-skb-leak-in-batadv_dat_snoop_incoming.patch?rev=1.1&content-type=text/plain
Index: batman-adv-2013.0.0-0001-fix-skb-leak-in-batadv_dat_snoop_incoming.patch
===================================================================
From 977d8c6f9253ad71e4bd8e4be2705c3bee684feb Mon Sep 17 00:00:00 2001
From: Matthias Schiffer <mschiffer@universe-factory.net>
Date: Wed, 23 Jan 2013 18:11:53 +0100
Subject: [PATCH 1/4] batman-adv: fix skb leak in
batadv_dat_snoop_incoming_arp_reply()
The callers of batadv_dat_snoop_incoming_arp_reply() assume the skb has been
freed when it returns true; fix this by calling kfree_skb before returning as
it is done in batadv_dat_snoop_incoming_arp_request().
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
Acked-by: Antonio Quartulli <ordex@autistici.org>
---
distributed-arp-table.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/distributed-arp-table.c b/distributed-arp-table.c
index 7485a78..9f4cff3 100644
--- a/distributed-arp-table.c
+++ b/distributed-arp-table.c
@@ -1012,6 +1012,8 @@ bool batadv_dat_snoop_incoming_arp_reply(struct batadv_priv *bat_priv,
*/
ret = !batadv_is_my_client(bat_priv, hw_dst);
out:
+ if (ret)
+ kfree_skb(skb);
/* if ret == false -> packet has to be delivered to the interface */
return ret;
}
--
1.8.1.2
1.1 net-misc/batman-adv/files/batman-adv-2013.0.0-0002-check-for-more-types-of-invalid-IP-addres.patch
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/batman-adv/files/batman-adv-2013.0.0-0002-check-for-more-types-of-invalid-IP-addres.patch?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/batman-adv/files/batman-adv-2013.0.0-0002-check-for-more-types-of-invalid-IP-addres.patch?rev=1.1&content-type=text/plain
Index: batman-adv-2013.0.0-0002-check-for-more-types-of-invalid-IP-addres.patch
===================================================================
From 3b24193d7cfc18f0cc005811ca4aab3479c2f1c6 Mon Sep 17 00:00:00 2001
From: Matthias Schiffer <mschiffer@universe-factory.net>
Date: Thu, 24 Jan 2013 18:18:26 +0100
Subject: [PATCH 2/4] batman-adv: check for more types of invalid IP addresses
in DAT
There are more types of IP addresses that may appear in ARP packets that we
don't want to process. While some of these should never appear in sane ARP
packets, a 0.0.0.0 source is used for duplicate address detection and thus seen
quite often.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Acked-by: Antonio Quartulli <ordex@autistici.org>
Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
---
distributed-arp-table.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/distributed-arp-table.c b/distributed-arp-table.c
index 9f4cff3..be3be28 100644
--- a/distributed-arp-table.c
+++ b/distributed-arp-table.c
@@ -777,7 +777,9 @@ static uint16_t batadv_arp_get_type(struct batadv_priv *bat_priv,
ip_src = batadv_arp_ip_src(skb, hdr_size);
ip_dst = batadv_arp_ip_dst(skb, hdr_size);
if (ipv4_is_loopback(ip_src) || ipv4_is_multicast(ip_src) ||
- ipv4_is_loopback(ip_dst) || ipv4_is_multicast(ip_dst))
+ ipv4_is_loopback(ip_dst) || ipv4_is_multicast(ip_dst) ||
+ ipv4_is_zeronet(ip_src) || ipv4_is_lbcast(ip_src) ||
+ ipv4_is_zeronet(ip_dst) || ipv4_is_lbcast(ip_dst))
goto out;
type = ntohs(arphdr->ar_op);
--
1.8.1.2
1.1 net-misc/batman-adv/files/batman-adv-2013.0.0-0003-filter-ARP-packets-with-invalid-MAC-addre.patch
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/batman-adv/files/batman-adv-2013.0.0-0003-filter-ARP-packets-with-invalid-MAC-addre.patch?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/batman-adv/files/batman-adv-2013.0.0-0003-filter-ARP-packets-with-invalid-MAC-addre.patch?rev=1.1&content-type=text/plain
Index: batman-adv-2013.0.0-0003-filter-ARP-packets-with-invalid-MAC-addre.patch
===================================================================
From ab361a9ccc584e7501c06bfe1c00cb0411feebaf Mon Sep 17 00:00:00 2001
From: Matthias Schiffer <mschiffer@universe-factory.net>
Date: Thu, 24 Jan 2013 18:18:27 +0100
Subject: [PATCH 3/4] batman-adv: filter ARP packets with invalid MAC addresses
in DAT
We never want multicast MAC addresses in the Distributed ARP Table, so it's
best to completely ignore ARP packets containing them where we expect unicast
addresses.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Acked-by: Antonio Quartulli <ordex@autistici.org>
Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
---
distributed-arp-table.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/distributed-arp-table.c b/distributed-arp-table.c
index be3be28..ea0bd31 100644
--- a/distributed-arp-table.c
+++ b/distributed-arp-table.c
@@ -738,6 +738,7 @@ static uint16_t batadv_arp_get_type(struct batadv_priv *bat_priv,
struct arphdr *arphdr;
struct ethhdr *ethhdr;
__be32 ip_src, ip_dst;
+ uint8_t *hw_src, *hw_dst;
uint16_t type = 0;
/* pull the ethernet header */
@@ -782,6 +783,18 @@ static uint16_t batadv_arp_get_type(struct batadv_priv *bat_priv,
ipv4_is_zeronet(ip_dst) || ipv4_is_lbcast(ip_dst))
goto out;
+ hw_src = batadv_arp_hw_src(skb, hdr_size);
+ if (is_zero_ether_addr(hw_src) || is_multicast_ether_addr(hw_src))
+ goto out;
+
+ /* we don't care about the destination MAC address in ARP requests */
+ if (arphdr->ar_op != htons(ARPOP_REQUEST)) {
+ hw_dst = batadv_arp_hw_dst(skb, hdr_size);
+ if (is_zero_ether_addr(hw_dst) ||
+ is_multicast_ether_addr(hw_dst))
+ goto out;
+ }
+
type = ntohs(arphdr->ar_op);
out:
return type;
--
1.8.1.2
^ permalink raw reply related [flat|nested] 2+ messages in thread* [gentoo-commits] gentoo-x86 commit in net-misc/batman-adv/files: batman-adv-2013.0.0-0004-Fix-NULL-pointer-dereference-in-DAT-hash-.patch batman-adv-2013.0.0-0001-fix-skb-leak-in-batadv_dat_snoop_incoming.patch batman-adv-2013.0.0-0002-check-for-more-types-of-invalid-IP-addres.patch batman-adv-2013.0.0-0003-filter-ARP-packets-with-invalid-MAC-addre.patch
@ 2014-07-23 22:08 Michael Weber (xmw)
0 siblings, 0 replies; 2+ messages in thread
From: Michael Weber (xmw) @ 2014-07-23 22:08 UTC (permalink / raw
To: gentoo-commits
xmw 14/07/23 22:08:21
Removed:
batman-adv-2013.0.0-0004-Fix-NULL-pointer-dereference-in-DAT-hash-.patch
batman-adv-2013.0.0-0001-fix-skb-leak-in-batadv_dat_snoop_incoming.patch
batman-adv-2013.0.0-0002-check-for-more-types-of-invalid-IP-addres.patch
batman-adv-2013.0.0-0003-filter-ARP-packets-with-invalid-MAC-addre.patch
Log:
Version bump w/ improved CONFIG_CHECK (thanks Antonio Quartulli, bug 502230) and USE=mcast, drop old versions.
(Portage version: 2.2.10/cvs/Linux x86_64, signed Manifest commit with key 62EEF090)
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2014-07-24 22:38 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-02-17 21:57 [gentoo-commits] gentoo-x86 commit in net-misc/batman-adv/files: batman-adv-2013.0.0-0004-Fix-NULL-pointer-dereference-in-DAT-hash-.patch batman-adv-2013.0.0-0001-fix-skb-leak-in-batadv_dat_snoop_incoming.patch batman-adv-2013.0.0-0002-check-for-more-types-of-invalid-IP-addres.patch batman-adv-2013.0.0-0003-filter-ARP-packets-with-invalid-MAC-addre.patch Michael Weber (xmw)
-- strict thread matches above, loose matches on Subject: below --
2014-07-23 22:08 Michael Weber (xmw)
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox