The patch below updates the existing decode_options hook so that an LSM module can set the parameter problem pointer to the correct location upon error. This is used for error reporting via ICMP, so that the receiver of the error can determine the location of the erroneous option field. The current default behaviour is to report the error as occuring at just before the start of the option, which is really just a safe fallback for unknown option types. The new behaviour allows for compliance with the CIPSO draft when processing an unrecognized field within the security option: If any field within the CIPSO option, such as the DOI identifier, is not recognized the IP datagram is discarded and an ICMP "parameter problem" (type 12) is generated and returned. The ICMP code field is set to "bad parameter" (code 0) and the pointer is set to the start of the CIPSO field that is unrecognized. Note that the default behaviour is retained in the dummy and capability plug modules. - James -- James Morris <jmorrisat_private>
diff -urN --exclude BitKeeper --exclude SCCS --exclude ChangeSet lsm/include/linux/security.h lsm-w1/include/linux/security.h
--- lsm/include/linux/security.h Fri Aug 31 12:06:05 2001
+++ lsm-w1/include/linux/security.h Fri Aug 31 13:19:01 2001
@@ -169,7 +169,7 @@
 int (* defragment) (struct sk_buff *skb);
 void (* encapsulate) (struct sk_buff *skb);
 void (* decapsulate) (struct sk_buff *skb);
- int (* decode_options) (struct sk_buff *skb, const char *optptr);
+ int (* decode_options) (struct sk_buff *skb, const char *optptr, unsigned char **pp_ptr);
 };

 struct netdev_security_ops {
diff -urN --exclude BitKeeper --exclude SCCS --exclude ChangeSet lsm/net/ipv4/ip_options.c lsm-w1/net/ipv4/ip_options.c
--- lsm/net/ipv4/ip_options.c Sat Aug 11 02:15:14 2001
+++ lsm-w1/net/ipv4/ip_options.c Fri Aug 31 12:58:22 2001
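Review bot: The contract of the new `pp_ptr` out-parameter is not stated at the declaration: nothing tells a module author that on a non-zero return `*pp_ptr` must point at the offending byte inside the option, and that the core will feed that address into the ICMP parameter-problem pointer. I would put a comment above the member, e.g. `/* On error, set *pp_ptr to the offending byte within the option; it becomes the ICMP parameter-problem pointer. Ignored on a zero return. */`. The type also disagrees with the adjacent `const char *optptr`, which is what forces the cast in both implementers below; declaring `optptr` as `const unsigned char *` (matching `pp_ptr`) would let them write a plain assignment. The enclosing ops struct starts before this hunk.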
@@ -435,10 +435,8 @@
 case IPOPT_SEC:
 case IPOPT_CIPSO:
 case IPOPT_SID:
- if (security_ops->ip_ops->decode_options(skb, optptr)) {
- pp_ptr = optptr;
+ if (security_ops->ip_ops->decode_options(skb, optptr, &pp_ptr))
 goto error;
- }
 break;
 default:
 if (!skb && !capable(CAP_NET_RAW)) {
diff -urN --exclude BitKeeper --exclude SCCS --exclude ChangeSet lsm/security/capability_plug.c lsm-w1/security/capability_plug.c
--- lsm/security/capability_plug.c Fri Aug 31 12:06:05 2001
+++ lsm-w1/security/capability_plug.c Fri Aug 31 13:32:07 2001
@@ -393,10 +393,12 @@
 static int cap_ip_defragment (struct sk_buff *skb) {return 0;}
 static void cap_ip_encapsulate (struct sk_buff *skb) {return;}
 static void cap_ip_decapsulate (struct sk_buff *skb) {return;}
-static int cap_ip_decode_options (struct sk_buff *skb, const char *optptr)
+static int cap_ip_decode_options (struct sk_buff *skb, const char *optptr, unsigned char **pp_ptr)
 {
- if (!skb && !capable(CAP_NET_RAW))
+ if (!skb && !capable(CAP_NET_RAW)) {
+ (const unsigned char *)*pp_ptr = optptr;
 return -EPERM;
+ }

 return 0;
 }
diff -urN --exclude BitKeeper --exclude SCCS --exclude ChangeSet lsm/security/security.c lsm-w1/security/security.c
--- lsm/security/security.c Fri Aug 31 12:06:05 2001
+++ lsm-w1/security/security.c Fri Aug 31 13:33:54 2001
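Review bot: Removing the `pp_ptr = optptr;` fallback makes the ICMP pointer depend entirely on the module: a hook that returns non-zero without writing `*pp_ptr` leaves `pp_ptr` at whatever it held before (its initialiser is outside this hunk), and the value emitted at `error:` is then stale or derived from NULL. The core should keep the safe default rather than trust every implementer, e.g. `if (security_ops->ip_ops->decode_options(skb, optptr, &pp_ptr)) { if (!pp_ptr) pp_ptr = optptr; goto error; }`. A module is also free to point `*pp_ptr` outside the option it was given; if the option length is in scope here, clamping the pointer back to `optptr` when it falls outside `[optptr, optptr + optlen)` would keep a buggy module from putting a nonsense offset on the wire. The enclosing switch and function continue beyond the hunk.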
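Review bot: `(const unsigned char *)*pp_ptr = optptr;` casts the left-hand side of the assignment, which is not valid ISO C (a cast expression is not an lvalue) and only builds through a GCC extension that has since been deprecated; the cast belongs on the value being stored, `*pp_ptr = (unsigned char *) optptr;`. As far as this hunk shows, the only failing branch is the `!skb` raw-socket path, where there is no datagram to answer, so the pointer is set only to honour the hook contract — a comment saying so, e.g. `/* no skb on this path, so no ICMP is sent; set *pp_ptr for consistency */`, would stop a later reader from hunting for the ICMP it never triggers.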
@@ -184,10 +184,12 @@
 static int dummy_ip_defragment (struct sk_buff *skb) {return 0;}
 static void dummy_ip_decapsulate (struct sk_buff *skb) {return;}
 static void dummy_ip_encapsulate (struct sk_buff *skb) {return;}
-static int dummy_ip_decode_options (struct sk_buff *skb, const char *optptr)
+static int dummy_ip_decode_options (struct sk_buff *skb, const char *optptr, unsigned char **pp_ptr)
 {
- if (!skb && !capable(CAP_NET_RAW))
+ if (!skb && !capable(CAP_NET_RAW)) {
+ (const unsigned char *)*pp_ptr = optptr;
 return -EPERM;
+ }

 return 0;
 }
_______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
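Review bot: The dummy module has the same lvalue cast as the capability plug, `(const unsigned char *)*pp_ptr = optptr;`, which depends on a non-standard GCC extension; since this is the hook every kernel runs when no module is loaded, it is the one most worth writing portably as `*pp_ptr = (unsigned char *) optptr;`. Both default implementations are now identical line for line, so any later fix to one must be mirrored in the other; a short comment above the function noting that it must stay in sync with `cap_ip_decode_options` would make that dependency visible.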