Re: [PATCH] net/ipv6/exthdrs.c et al: Optional strict PadN option checking

From: David Miller
Date: Thu Apr 12 2012 - 16:03:36 EST


From: Eldad Zack <eldad@xxxxxxxxxxxxxxx>
Date: Sat, 7 Apr 2012 17:16:14 +0200

> Added strict checking of PadN. PadN can be used to increase header
> size and thus push the protocol header into the 2nd fragment.
>
> PadN is used to align the options within the Hop-by-Hop or
> Destination Options header to 64-bit boundaries. The maximum valid
> size is thus 7 bytes.
> RFC 4942 recommends to actively check the "payload" itself and
> ensure that it contains only zeroes.
>
> See also RFC 4942 section 2.1.9.5.
>
> Signed-off-by: Eldad Zack <eldad@xxxxxxxxxxxxxxx>

I think you should do away with the sysctl and always perform these
checks.

At the very least, the optlen > 7 check should always be performed.
And frankly the pad byte being zero check makes sense to do all the
time as far as I can tell too.
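The two checks discussed in this thread (the PadN size limit and the all-zero pad bytes), as an added user-space C example that is not part of the patch or of the kernel source. The names `check_options`, `PADN_MAX` and the sample byte arrays are hypothetical, and it assumes the 7-byte limit covers the whole option, type and length bytes included.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define OPT_PAD1 0 /* Pad1: a single zero byte, no length field */
#define OPT_PADN 1 /* PadN: type, length, then 'length' pad bytes */
#define PADN_MAX 7 /* assumption: limit covers the whole option, header included */

enum verdict { OPTS_OK, OPTS_TRUNCATED, OPTS_PADN_TOO_LONG, OPTS_PADN_NONZERO };

/* Walk the TLV area of a Hop-by-Hop or Destination Options header (the bytes
 * after Next Header and Hdr Ext Len). Other option types are only skipped. */
enum verdict check_options(const uint8_t *opts, size_t len)
{
    size_t off = 0;

    while (off < len) {
        if (opts[off] == OPT_PAD1) {
            off++;
            continue;
        }
        /* Need type + length bytes, and the declared data must fit. */
        if (len - off < 2 || (size_t)opts[off + 1] > len - off - 2)
            return OPTS_TRUNCATED;
        size_t total = 2 + (size_t)opts[off + 1];
        if (opts[off] == OPT_PADN) {
            if (total > PADN_MAX)           /* padding beyond alignment needs */
                return OPTS_PADN_TOO_LONG;
            for (size_t i = 2; i < total; i++)
                if (opts[off + i] != 0)     /* pad bytes must be zero */
                    return OPTS_PADN_NONZERO;
        }
        off += total;
    }
    return OPTS_OK;
}

/* Constructed sample option areas, not captured traffic. */
static const uint8_t pad_ok[]      = { 1, 4, 0, 0, 0, 0 };
static const uint8_t pad_long[]    = { 1, 6, 0, 0, 0, 0, 0, 0 };
static const uint8_t pad_nonzero[] = { 0, 1, 2, 0, 0x41 };
static const uint8_t pad_cut[]     = { 1, 4, 0, 0 };

int main(void)
{
    printf("%d %d %d %d\n", check_options(pad_ok, sizeof pad_ok),
           check_options(pad_long, sizeof pad_long),
           check_options(pad_nonzero, sizeof pad_nonzero),
           check_options(pad_cut, sizeof pad_cut));
    return 0;
}
```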