Re: [PATCH net] ipv6: sctp: clone options to avoid use after free

2015-12-11 Thread David Miller
From: Eric Dumazet Date: Wed, 09 Dec 2015 07:25:06 -0800 > From: Eric Dumazet > > SCTP is lacking proper np->opt cloning at accept() time. > > TCP and DCCP use ipv6_dup_options() helper, do the same > in SCTP. > > We might later factorize this

RE: [PATCH net] ipv6: sctp: clone options to avoid use after free

2015-12-10 Thread David Laight
From: Daniel Borkmann > Sent: 09 December 2015 19:19 > On 12/09/2015 06:11 PM, Marcelo Ricardo Leitner wrote: > > Em 09-12-2015 14:31, David Laight escreveu: > >> From: Eric Dumazet [mailto:eric.duma...@gmail.com] > >>> Sent: 09 December 2015 16:00 > >>> On Wed, 2015-12-09 at 15:49 +, David

RE: [PATCH net] ipv6: sctp: clone options to avoid use after free

2015-12-10 Thread David Laight
From: Eric Dumazet > Sent: 10 December 2015 15:58 > > BTW, are you even using IPv6 SCTP sessions ? Our M3UA/SCTP protocol stack supports them and defaults to using IPv6 listening sockets for IPv4 connections. I very much doubt than any customers have used them yet. So most of the IPv6

Re: [PATCH net] ipv6: sctp: clone options to avoid use after free

2015-12-10 Thread Eric Dumazet
On Thu, 2015-12-10 at 12:26 +, David Laight wrote: > Yes, I'm worried about whether our M3UA code is likely to crash customer > systems, not whether hostile applications can crash it. > These boxes ought to be on private networks since the sigtran protocols > themselves have nothing that even

Re: [PATCH net] ipv6: sctp: clone options to avoid use after free

2015-12-09 Thread Vlad Yasevich
On 12/09/2015 10:25 AM, Eric Dumazet wrote: > From: Eric Dumazet > > SCTP is lacking proper np->opt cloning at accept() time. > > TCP and DCCP use ipv6_dup_options() helper, do the same > in SCTP. > > We might later factorize this code in a common helper to avoid > future

RE: [PATCH net] ipv6: sctp: clone options to avoid use after free

2015-12-09 Thread David Laight
> SCTP is lacking proper np->opt cloning at accept() time. > > TCP and DCCP use ipv6_dup_options() helper, do the same in SCTP. > > We might later factorize this code in a common helper to avoid > future mistakes. I'm wondering what the real impact of this and the other recent SCTP bugs/patches

Re: [PATCH net] ipv6: sctp: clone options to avoid use after free

2015-12-09 Thread Eric Dumazet
On Wed, 2015-12-09 at 15:49 +, David Laight wrote: > > SCTP is lacking proper np->opt cloning at accept() time. > > > > TCP and DCCP use ipv6_dup_options() helper, do the same in SCTP. > > > > We might later factorize this code in a common helper to avoid > > future mistakes. > > I'm

RE: [PATCH net] ipv6: sctp: clone options to avoid use after free

2015-12-09 Thread David Laight
From: Eric Dumazet [mailto:eric.duma...@gmail.com] > Sent: 09 December 2015 16:00 > On Wed, 2015-12-09 at 15:49 +, David Laight wrote: > > > SCTP is lacking proper np->opt cloning at accept() time. > > > > > > TCP and DCCP use ipv6_dup_options() helper, do the same in SCTP. > > > > > > We

Re: [PATCH net] ipv6: sctp: clone options to avoid use after free

2015-12-09 Thread Daniel Borkmann
On 12/09/2015 06:11 PM, Marcelo Ricardo Leitner wrote: Em 09-12-2015 14:31, David Laight escreveu: From: Eric Dumazet [mailto:eric.duma...@gmail.com] Sent: 09 December 2015 16:00 On Wed, 2015-12-09 at 15:49 +, David Laight wrote: SCTP is lacking proper np->opt cloning at accept() time.

Re: [PATCH net] ipv6: sctp: clone options to avoid use after free

2015-12-09 Thread Marcelo Ricardo Leitner
Em 09-12-2015 14:31, David Laight escreveu: From: Eric Dumazet [mailto:eric.duma...@gmail.com] Sent: 09 December 2015 16:00 On Wed, 2015-12-09 at 15:49 +, David Laight wrote: SCTP is lacking proper np->opt cloning at accept() time. TCP and DCCP use ipv6_dup_options() helper, do the same