hello Pablo,

On Fri, 2017-05-19 at 13:39 +0200, Davide Caratti wrote:
> On Fri, 2017-05-19 at 10:41 +0200, Pablo Neira Ayuso wrote:
> > I mean, I can see other spots in the kernel tree that may be affected by this?
> > Or is it that you're only observing this from a path that is specific
> > to conntrack?
>
> I did the check before posting, and the kernel code seemed to already
> ensure skb is writable until SCTP header + sizeof(SCTP header) offset,
> before calling sctp_compute_cksum(). Just to be sure, I re-did that check
> today: besides nf_conntrack sctp_error(), I'm only doubtful about IPVS
> sctp_csum_check() (but I don't have a test scenario yet).

Looking at the IPVS code: it seems to me that the only call to sctp_csum_check()
is inside sctp_snat_handler(), after skb_make_writable() has returned
successfully. So, apparently, the misuse of sctp_compute_cksum() affects only
the nf_conntrack module, in the sctp_error() callback.

Maybe this patch needs a 'Fixes: cf6e007eef83 ("netfilter: conntrack: validate SCTP crc32c in PREROUTING")' tag?

thanks!
--
davide