lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 2 Apr 2008 00:43:58 +0200
From:	Benoit Boissinot <benoit.boissinot@...-lyon.org>
To:	YOSHIFUJI Hideaki / 吉藤英明 
	<yoshfuji@...ux-ipv6.org>
Cc:	netdev@...r.kernel.org, pekkas@...core.fi
Subject: Re: [PATCH 1 of 5] IPv6: do not wrap around when the lifetime has
	expired

Ok, I think I missed something.

On Fri, Mar 28, 2008 at 12:06:22PM +0900, YOSHIFUJI Hideaki / 吉藤英明 wrote:
> In article <20080327193854.GC8574@...-lyon.fr> (at Thu, 27 Mar 2008 20:38:54 +0100), Benoit Boissinot <benoit.boissinot@...-lyon.org> says:
> 
> > On Fri, Mar 28, 2008 at 03:25:39AM +0900, YOSHIFUJI Hideaki / 吉藤英明 wrote:
> > > In article <dd125a7f86968371046d.1206305169@...zuine> (at Sun, 23 Mar 2008 21:46:09 +0100), Benoit Boissinot <benoit.boissinot@...-lyon.org> says:
> > > 
> > > > IPv6: do not wrap around when the lifetime has expired
> > > > 
> > > > Instead of reporting overly large lifetimes to userspace,
> > > > report a lifetime of 0 when a lifetime has expired.
> > > > 
> > > > Signed-off-by: Benoit Boissinot <benoit.boissinot@...-lyon.org>
> > > 
> > > NAK.
> > > 
> > > (signed) lifetime < 0 means it has expired, but 0 does not mean
> > > that the lifetime has expired, but it is being expired
> > > (within 1 second).

I re-checked the code, and while it is true that some path takes care
not to use a too big lifetime (one that is > 0x7fffffffUL/HZ), for
example:
- inet6_addr_{add,modify}
there are other places where there are no checks, eg:
- addrconf_prefix_rcv, ipv6_create_tempaddr

Furthermore, at least for the case of the preferred lifetime, a lifetime
of 0 received from RA means deprecated (== expired ?).
And due to the rounding, if age = (now - ift->tsamp)/HZ
then (age == lifetime) being true means that the lifetime has fully expired right ?

In any case, the current code is buggy, because if preferred == 1 and tval == 2,
then we will send INFINITY_LIFETIME to userspace.

Finally, cstamp and tstamp are sent via netlink, it could be useful to
solve this issue from userspace, but it's useless as it is since the
tstamp sent is relative to the lifetime stored in the kernel, not
relative to the lifetime we send (we should send "jiffies" for it to be
useful).

regards,

Benoit
-- 
:wq
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ