[PATCH net 0/2] tap/tun: harden by dropping short frame

From: Dongli Zhang
Date: Wed Jul 24 2024 - 13:06:30 EST

Next message: Dongli Zhang: "[PATCH net 2/2] tun: add missing verification for short frame"
Previous message: Dongli Zhang: "[PATCH net 1/2] tap: add missing verification for short frame"
Next in thread: Dongli Zhang: "[PATCH net 1/2] tap: add missing verification for short frame"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This is to harden all of tap/tun to avoid any short frame smaller than the
Ethernet header (ETH_HLEN).

While the xen-netback already rejects short frame smaller than ETH_HLEN ...

914 static void xenvif_tx_build_gops(struct xenvif_queue *queue,
915 int budget,
916 unsigned *copy_ops,
917 unsigned *map_ops)
918 {
... ...
1007 if (unlikely(txreq.size < ETH_HLEN)) {
1008 netdev_dbg(queue->vif->dev,
1009 "Bad packet size: %d\n", txreq.size);
1010 xenvif_tx_err(queue, &txreq, extra_count, idx);
1011 break;
1012 }

... the short frame may not be dropped by vhost-net/tap/tun.

This fixes CVE-2024-41090 and CVE-2024-41091.

Thank you very much!

Dongli Zhang

Next message: Dongli Zhang: "[PATCH net 2/2] tun: add missing verification for short frame"
Previous message: Dongli Zhang: "[PATCH net 1/2] tap: add missing verification for short frame"
Next in thread: Dongli Zhang: "[PATCH net 1/2] tap: add missing verification for short frame"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]