lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 28 Sep 2007 22:42:25 +0200 (CEST)
From:	"Peter Lieven" <pl@....net>
To:	sparclinux@...r.kernel.org, davem@...emloft.net
Cc:	alan@...rguk.ukuu.org.uk, torvalds@...ux-foundation.org,
	linux-kernel@...r.kernel.org
Subject: PATCH: tcp rfc 2385 security/bugfix for sparc64

TCP MD5 signatures on sparc64 (big-endian) completely fail on current
kernel releases in interoperability with Cisco/Foundry or other
little-endian linux systems.

The root cause is a cast in the return statement of tcp_v4_md5_do_lookup,
where a tcp4_md5sig_key is casted onto tcp_md5sig_key without proper
conversion. On little-endian systems the upper 8 bits are cut of which
yields the expected behaviour. However, on big-endian systems (like
sparc64) only the most significant 8 bits are preserved. Since
TCP_MD5SIG_MAXKEYLEN is 80, this always yields 0.

In the calculation of the md5 signature afterwards the key is therefore
not appended to the tcp segment which could result in a security problem
since only the presence of a md5 signature is checked, and the key itself
doesn't matter.

--- linux.old/include/net/tcp.h 2007-09-28 21:43:26.000000000 +0200 +++
linux/include/net/tcp.h     2007-09-28 21:45:35.000000000 +0200 @@ -1055,6
+1055,7 @@ static inline void clear_all_retrans_hin
 struct crypto_hash;

 /* - key database */
+/* this should be compatible with the head of the following two structs */
 struct tcp_md5sig_key {
        u8                      *key;
        u8                      keylen;
@@ -1062,13 +1063,13 @@ struct tcp_md5sig_key {

 struct tcp4_md5sig_key {
        u8                      *key;
-       u16                     keylen;
+       u8                      keylen;
        __be32                  addr;
 };

 struct tcp6_md5sig_key {
        u8                      *key;
-       u16                     keylen;
+       u8                      keylen;
 #if 0
        u32                     scope_id;       /* XXX */
 #endif


Signed-off-by: Peter Lieven <pl@....net>
Signed-off-by: Matthias M. Dellweg <2500@....de>



-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ