On 2018-01-19 08:53, Willem de Bruijn wrote:
>> And what you propose here is just a very small subset of the
>> necessary checking; more comes at gso header checking. So even if we care
>> about performance, it only helps for some specific cases.
> It also fixed the bug that Eric sent a separate patch for, as that did
> not dissect as a valid TCP packet, either.
>> I may be missing something, but how does this patch protect against an evil thoff?
> Actually, it blocked that specific reproducer because the ip protocol
> did not match.

I see.

> I think that __skb_flow_dissect_tcp should return a boolean, causing
> dissection to return FLOW_DISSECT_RET_OUT_BAD if the tcph is bad.
> That would be needed to really catch it with flow dissection at the source.

Just sanitize transport to offset_hint (0) in the case of tun. It looks to me like the flow dissector will return FLOW_DISSECT_RET_OUT_BAD too if it can't recognize the protocol. We can't distinguish the real failure from an unrecognized protocol (or change the return from bool to int).

Thanks
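The return-type point discussed above, as an added user-space model (not kernel code, and not from any participant in the thread): a TCP step that returns only bool lets the caller report a malformed header and an unrecognised L4 protocol with the same OUT_BAD value, whereas an int code keeps them apart. All names (dissect_tcp, DISSECT_PROTO_UNKNOWN, struct view) and the sample frames are constructed for this example.

```c
/* Hypothetical user-space model of the thread's point; not the kernel's
 * flow dissector. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

enum dissect_ret {
    DISSECT_OUT_GOOD = 0,
    DISSECT_OUT_BAD = 1,       /* transport header itself is malformed */
    DISSECT_PROTO_UNKNOWN = 2, /* L4 protocol this model does not parse */
};

#define PROTO_TCP   6
#define TCP_HDR_MIN 20

struct view { const uint8_t *data; size_t len; };

/* Bool-returning TCP check, in the spirit of the proposal for
 * __skb_flow_dissect_tcp: true only if a sane TCP header fits at thoff. */
static bool dissect_tcp(const struct view *v, size_t thoff, size_t *hdrlen)
{
    if (thoff + TCP_HDR_MIN > v->len)
        return false;                      /* thoff past end of packet */
    size_t doff = (v->data[thoff + 12] >> 4) * 4;   /* data offset, bytes */
    if (doff < TCP_HDR_MIN || thoff + doff > v->len)
        return false;                      /* bogus doff: header overruns */
    *hdrlen = doff;
    return true;
}

/* Caller returning an int-style code so the two failure causes stay distinct. */
static enum dissect_ret dissect(const struct view *v, size_t *thoff_out)
{
    if (v->len < 20) return DISSECT_OUT_BAD;
    size_t ihl = (v->data[0] & 0x0f) * 4;            /* IPv4 header length */
    if (ihl < 20 || ihl > v->len) return DISSECT_OUT_BAD;
    if (v->data[9] != PROTO_TCP) return DISSECT_PROTO_UNKNOWN;
    size_t hdrlen;
    if (!dissect_tcp(v, ihl, &hdrlen)) return DISSECT_OUT_BAD;
    *thoff_out = ihl;
    return DISSECT_OUT_GOOD;
}

/* Constructed sample frames (not captured traffic): 20-byte IPv4 + TCP. */
static const uint8_t good_tcp[40]  = { 0x45, [9] = PROTO_TCP, [32] = 0x50 }; /* doff=5  */
static const uint8_t bad_doff[40]  = { 0x45, [9] = PROTO_TCP, [32] = 0xf0 }; /* doff=15 */
static const uint8_t udp_frame[28] = { 0x45, [9] = 17 };                     /* UDP     */

static enum dissect_ret run(const uint8_t *d, size_t n)
{
    struct view v = { d, n };
    size_t thoff;
    return dissect(&v, &thoff);
}
```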
