Re: Kernel memory corruption in CIPSO labeled TCP packets processing.

(off-list ancestor, not in this archive)
Re: Kernel memory corruption in CIPSO labeled TCP packets processing. · Paul Moore <paul@paul-moore.com> · 2019-01-15
Re: Kernel memory corruption in CIPSO labeled TCP packets processing. · Paul Moore <paul@paul-moore.com> · 2019-01-18
Re: Kernel memory corruption in CIPSO labeled TCP packets processing. · Nazarov Sergey <hidden> · 2019-01-18
Re: Kernel memory corruption in CIPSO labeled TCP packets processing. · Paul Moore <paul@paul-moore.com> · 2019-01-18
Re: Kernel memory corruption in CIPSO labeled TCP packets processing. · Nazarov Sergey <hidden> · 2019-01-21
Re: Kernel memory corruption in CIPSO labeled TCP packets processing. · Paul Moore <paul@paul-moore.com> · 2019-01-22
Re: Kernel memory corruption in CIPSO labeled TCP packets processing. · Nazarov Sergey <hidden> · 2019-01-22
Re: Kernel memory corruption in CIPSO labeled TCP packets processing. · Paul Moore <paul@paul-moore.com> · 2019-01-22
Re: Kernel memory corruption in CIPSO labeled TCP packets processing. · Nazarov Sergey <hidden> · 2019-01-24
Re: Kernel memory corruption in CIPSO labeled TCP packets processing. · Paul Moore <paul@paul-moore.com> · 2019-01-25
Re: Kernel memory corruption in CIPSO labeled TCP packets processing. · Nazarov Sergey <hidden> · 2019-01-28
Re: Kernel memory corruption in CIPSO labeled TCP packets processing. · Paul Moore <paul@paul-moore.com> · 2019-01-28
Re: Kernel memory corruption in CIPSO labeled TCP packets processing. · Nazarov Sergey <hidden> · 2019-01-29
Re: Kernel memory corruption in CIPSO labeled TCP packets processing. · Paul Moore <paul@paul-moore.com> · 2019-01-29
Re: Kernel memory corruption in CIPSO labeled TCP packets processing. · Nazarov Sergey <hidden> · 2019-01-30
Re: Kernel memory corruption in CIPSO labeled TCP packets processing. · Paul Moore <paul@paul-moore.com> · 2019-01-31
Re: Kernel memory corruption in CIPSO labeled TCP packets processing. · Nazarov Sergey <hidden> · 2019-01-31
Re: Kernel memory corruption in CIPSO labeled TCP packets processing. · Paul Moore <paul@paul-moore.com> · 2019-02-11
Re: Kernel memory corruption in CIPSO labeled TCP packets processing. · Nazarov Sergey <hidden> · 2019-02-11
Re: Kernel memory corruption in CIPSO labeled TCP packets processing. · Paul Moore <paul@paul-moore.com> · 2019-02-11
[PATCH] NETWORKING: avoid use IPCB in cipso_v4_error · Nazarov Sergey <hidden> · 2019-02-12
Re: [PATCH] NETWORKING: avoid use IPCB in cipso_v4_error · Paul Moore <paul@paul-moore.com> · 2019-02-13
Re: [PATCH] NETWORKING: avoid use IPCB in cipso_v4_error · Nazarov Sergey <hidden> · 2019-02-14
Re: [PATCH] NETWORKING: avoid use IPCB in cipso_v4_error · Stephen Smalley <hidden> · 2019-02-14
Re: [PATCH] NETWORKING: avoid use IPCB in cipso_v4_error · David Miller <davem@davemloft.net> · 2019-02-14
Re: [PATCH] NETWORKING: avoid use IPCB in cipso_v4_error · Nazarov Sergey <hidden> · 2019-02-14
Re: [PATCH] NETWORKING: avoid use IPCB in cipso_v4_error · Paul Moore <paul@paul-moore.com> · 2019-02-15
Re: [PATCH] NETWORKING: avoid use IPCB in cipso_v4_error · David Miller <davem@davemloft.net> · 2019-02-15
Re: [PATCH] NETWORKING: avoid use IPCB in cipso_v4_error · Paul Moore <paul@paul-moore.com> · 2019-02-15
Re: [PATCH] NETWORKING: avoid use IPCB in cipso_v4_error · Nazarov Sergey <hidden> · 2019-02-18
Re: [PATCH] NETWORKING: avoid use IPCB in cipso_v4_error · David Miller <davem@davemloft.net> · 2019-02-19
Re: [PATCH] NETWORKING: avoid use IPCB in cipso_v4_error · Nazarov Sergey <hidden> · 2019-02-22
[PATCH v2 0/2] NETWORKING: avoid use IPCB in cipso_v4_error · Nazarov Sergey <hidden> · 2019-02-22
Re: [PATCH v2 0/2] NETWORKING: avoid use IPCB in cipso_v4_error · David Miller <davem@davemloft.net> · 2019-02-25
[PATCH v2 1/2] NETWORKING: avoid use IPCB in cipso_v4_error · Nazarov Sergey <hidden> · 2019-02-25
Re: [PATCH v2 1/2] NETWORKING: avoid use IPCB in cipso_v4_error · Paul Moore <paul@paul-moore.com> · 2019-02-25
Re: [PATCH v2 1/2] NETWORKING: avoid use IPCB in cipso_v4_error · David Miller <davem@davemloft.net> · 2019-02-25
Re: [PATCH v2 1/2] NETWORKING: avoid use IPCB in cipso_v4_error · Paul Moore <paul@paul-moore.com> · 2019-02-25
[PATCH v2 2/2] NETWORKING: avoid use IPCB in cipso_v4_error · Nazarov Sergey <hidden> · 2019-02-25
Re: [PATCH v2 2/2] NETWORKING: avoid use IPCB in cipso_v4_error · Paul Moore <paul@paul-moore.com> · 2019-02-25
Re: [PATCH v2 2/2] NETWORKING: avoid use IPCB in cipso_v4_error · David Miller <davem@davemloft.net> · 2019-02-25
Re: [PATCH v2 1/2] NETWORKING: avoid use IPCB in cipso_v4_error · Nazarov Sergey <hidden> · 2019-02-22
Re: [PATCH v2 2/2] NETWORKING: avoid use IPCB in cipso_v4_error · Nazarov Sergey <hidden> · 2019-02-22
Re: [PATCH] NETWORKING: avoid use IPCB in cipso_v4_error · David Miller <davem@davemloft.net> · 2019-02-25

From: Paul Moore <paul@paul-moore.com>
Date: 2019-01-29 22:50:41
Also in: linux-security-module, selinux

On Tue, Jan 29, 2019 at 2:23 AM Nazarov Sergey [off-list ref] wrote:

29.01.2019, 01:18, "Paul Moore" [off-list ref]:

quoted

If we don't pass a skb into ip_options_compile(), meaning both "skb"
and "rt" will be NULL, then I don't believe the option data will
change. Am I missing something?

I mean, in cipso_v4_error we copy option data from skb before ip_options_compile call:
+       memcpy(opt->__data, (unsigned char *)&(ip_hdr(skb)[1]), opt->optlen);
But skb IP header data could be already changed by first call of ip_options_compile
when packet received.

There are several cases where the stack ends up calling icmp_send()
after the skb has been through ip_options_compile(), that should be
okay.

-- 
paul moore
www.paul-moore.com

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help