Date:	Wed, 10 Oct 2007 15:24:20 -0400
From:	Brian Haley <brian.haley@...com>
To:	Stephen Hemminger <shemminger@...ux-foundation.org>
Cc:	"Denis V. Lunev" <den@...nvz.org>, davem@...emloft.net,
	aarapov@...hat.com, netdev@...r.kernel.org
Subject: Re: [RFC] more robust inet range checking

Stephen Hemminger wrote:
>  int inet_csk_bind_conflict(const struct sock *sk,
>  			   const struct inet_bind_bucket *tb)
> @@ -77,10 +90,11 @@ int inet_csk_get_port(struct inet_hashin
>  
>  	local_bh_disable();
>  	if (!snum) {
> -		int low = sysctl_local_port_range[0];
> -		int high = sysctl_local_port_range[1];
> -		int remaining = (high - low) + 1;
> -		int rover = net_random() % (high - low) + low;
> +		int remaining, range[2], rover;
> +
> +		inet_get_local_port_range(range);
> +		remaining = range[1] - range[0];
> +		rover = net_random() % (range[1] - range[0]) + range[0];
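
Review bot: `remaining = range[1] - range[0]` drops the `+ 1` that the removed line had (`(high - low) + 1`), so `remaining` now counts one port fewer than the inclusive low..high range; if that is intentional it needs a comment, otherwise restore the `+ 1`. The modulus on the `rover` line, `range[1] - range[0]`, is also zero when both ends of the range are equal, which makes `net_random() % ...` a division by zero; computing `remaining` as `(range[1] - range[0]) + 1` and using it as the modulus avoids both.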

nit-pick:
		rover = net_random() % remaining + range[0];

> --- a/net/ipv4/udp.c	2007-10-10 08:27:00.000000000 -0700
> +++ b/net/ipv4/udp.c	2007-10-10 09:44:35.000000000 -0700
> @@ -147,13 +147,13 @@ int __udp_lib_get_port(struct sock *sk, 
>  	write_lock_bh(&udp_hash_lock);
>  
>  	if (!snum) {
> -		int i;
> -		int low = sysctl_local_port_range[0];
> -		int high = sysctl_local_port_range[1];
> +		int i, range[2];
>  		unsigned rover, best, best_size_so_far;
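
Review bot: `range[2]` is added as a signed `int` on the line directly above `unsigned rover, best, best_size_so_far`, so any later arithmetic or comparison between `rover` and `range[0]`/`range[1]` (not visible in the quoted lines) mixes signedness, and a negative range value would be converted to a large unsigned one. Either make the types consistent or state, where the range is filled in, that both values are guaranteed non-negative.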

Should these be signed ints?  They're the only ones that are unsigned, 
but I don't know why.

> --- a/net/sctp/protocol.c	2007-10-10 08:27:00.000000000 -0700
> +++ b/net/sctp/protocol.c	2007-10-10 09:58:21.000000000 -0700
> @@ -1173,7 +1173,6 @@ SCTP_STATIC __init int sctp_init(void)
>  	}
>  
>  	spin_lock_init(&sctp_port_alloc_lock);
> -	sctp_port_rover = sysctl_local_port_range[0] - 1;
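
Review bot: removing the `sctp_port_rover` initialisation leaves the context line `spin_lock_init(&sctp_port_alloc_lock)` in place, so the lock is still set up for a rover that this hunk no longer initialises. If nothing reads `sctp_port_rover` after this patch, its declaration and the lock should be removed in the same change; if something still reads it, it now starts from an unset value and the hunk needs to say why that is safe.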

I think you can remove the port_rover definition in sctp/structs.h and 
also the lock that protects it.  Patch below for that which can be 
applied on top of yours.

-Brian


Remove SCTP port_rover and port_alloc_lock as they're no longer required.

Signed-off-by: Brian Haley <brian.haley@...com>


View attachment "sctp.port_rover_cleanup.patch" of type "text/x-patch" (2095 bytes)
