lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 25 Jan 2007 00:22:45 -0800
From:	Petr Vandrovec <vandrove@...cvut.cz>
To:	Pierre Ossman <drzeus-list@...eus.cx>
CC:	LKML <linux-kernel@...r.kernel.org>
Subject: Re: NCPFS and brittle connections

Pierre Ossman wrote:
> Petr Vandrovec wrote:
>> Hello,
>>   create test scenario where first transmit of NCP request is lost by
>> network, and before resend you kill this process.  So it stops
>> resending, but local sequence count is already incremented.  Then when
>> next process tries to access ncpfs, server will ignore its requests as
>> it expects packet with sequence X, while packet with sequence X+1
>> arrived.
> 
> Figured something along those lines, but I couldn't find any docs on the
> protocol so I wasn't sure. You wouldn't happen to have any pointers to
> such docs?

You can download NCP documentation from Novell website.  Or you could, 
couple of months ago.  Unfortunately that documentation just describes 
different NCP calls, not transport - to my knowledge transport layer was 
never documented outside of Novell.

>> And unfortunately it is not possible to simple not increment sequence
>> number unless you get reply - when server receives two packets with
>> same sequence number, it simple resends answer it gave to first
>> request, without looking at request's body at all.  So in this case
>> server would answer, but would gave you bogus answer.
> 
> This sounds promising though. In that case it wouldn't be necessary to
> store the entire request, just the sequence number, right?

Not quite.  If packet signatures are on then server needs to know packet 
you sent so it can correctly compute secret used for next packet (it is 
function of old secret, and data in current packet).  As current 
signatures implementation implement only partial signatures, you need 
just first 64bytes of the packet same - but at that point it may be 
better to just resend packet completely, as write request with correct 
file handle, length, and offset, but with only ~50 bytes of valid data 
is going to do lot of damage on the server.  So I would recommend 
resending original request...
							Petr


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ