From: Michal Kubecek
Date: Fri, 8 Jul 2016 17:52:33 +0200 (CEST)
> If socket filter truncates an udp packet below the length of UDP header
> in udpv6_queue_rcv_skb() or udp_queue_rcv_skb(), it will trigger a
> BUG_ON in skb_pull_rcsum(). This BUG_ON (and therefore a system
On Sat, Jul 9, 2016 at 6:43 AM, Michal Kubecek wrote:
> On Sat, Jul 09, 2016 at 11:48:49AM +0200, Daniel Borkmann wrote:
>> On 07/09/2016 02:20 AM, Alexei Starovoitov wrote:
>> >On Sat, Jul 09, 2016 at 01:31:40AM +0200, Eric Dumazet wrote:
>> >>On Fri, 2016-07-08 at 17:52 +0200,
On Sat, Jul 09, 2016 at 11:48:49AM +0200, Daniel Borkmann wrote:
> On 07/09/2016 02:20 AM, Alexei Starovoitov wrote:
> >On Sat, Jul 09, 2016 at 01:31:40AM +0200, Eric Dumazet wrote:
> >>On Fri, 2016-07-08 at 17:52 +0200, Michal Kubecek wrote:
> >>>If socket filter truncates an udp packet below the
On 07/09/2016 02:20 AM, Alexei Starovoitov wrote:
On Sat, Jul 09, 2016 at 01:31:40AM +0200, Eric Dumazet wrote:
On Fri, 2016-07-08 at 17:52 +0200, Michal Kubecek wrote:
If socket filter truncates an udp packet below the length of UDP header
in udpv6_queue_rcv_skb() or udp_queue_rcv_skb(), it
On Sat, Jul 09, 2016 at 01:31:40AM +0200, Eric Dumazet wrote:
> On Fri, 2016-07-08 at 17:52 +0200, Michal Kubecek wrote:
> > If socket filter truncates an udp packet below the length of UDP header
> > in udpv6_queue_rcv_skb() or udp_queue_rcv_skb(), it will trigger a
> > BUG_ON in
On Fri, 2016-07-08 at 17:52 +0200, Michal Kubecek wrote:
> If socket filter truncates an udp packet below the length of UDP header
> in udpv6_queue_rcv_skb() or udp_queue_rcv_skb(), it will trigger a
> BUG_ON in skb_pull_rcsum(). This BUG_ON (and therefore a system crash if
> kernel is configured
If socket filter truncates an udp packet below the length of UDP header
in udpv6_queue_rcv_skb() or udp_queue_rcv_skb(), it will trigger a
BUG_ON in skb_pull_rcsum(). This BUG_ON (and therefore a system crash if
kernel is configured that way) can be easily enforced by an unprivileged
user which