On Tue, May 23, 2017 at 09:35:33PM +0200, Pablo Neira Ayuso wrote:
> On Tue, May 23, 2017 at 03:51:05PM +0200, Davide Caratti wrote:
> > hello Pablo,
> > On Fri, 2017-05-19 at 13:39 +0200, Davide Caratti wrote:
> > > On Fri, 2017-05-19 at 10:41 +0200, Pablo Neira Ayuso wrote:
> > > > I mean, I can see other spots in the kernel tree that may be affected by this?
> > > > Or is it that you're only observing this from a path that is specific
> > > > of conntrack?
> > >
> > > I did the check before posting, and the kernel code seemed to already
> > > ensure skb is writable until SCTP header + sizeof(SCTP header) offset,
> > > before calling sctp_compute_cksum(). Just to be sure, I re-did that check
> > > today: besides nf_conntrack sctp_error(), I'm only doubtful about IPVS
> > > sctp_csum_check() (but I don't have a test scenario yet).
> >
> > looking at IPVS code: it seems to me that the only call to sctp_csum_check()
> > is inside sctp_snat_handler(), after skb_make_writable() has returned
> > successfully. So, apparently misuse of sctp_compute_cksum() affects only
> > nf_conntrack module in sctp_error() callback.
> >
> > Maybe this patch needs 'Fixes: cf6e007eef83 ("netfilter: conntrack: validate
> > SCTP crc32c in PREROUTING")' tag ?
>
> Thanks for explaining.
>
> I will append this "Fixes:" tag to this patch once I apply this.
Applied, thanks.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
