lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 14 Dec 2009 18:34:00 +0100 From: Eric Dumazet <eric.dumazet@...il.com> To: David Miller <davem@...emloft.net> CC: lists@...dbynature.de, linux-kernel@...r.kernel.org, netdev@...r.kernel.org, John Dykstra <john.dykstra1@...il.com> Subject: Re: Badness at net/ipv4/inet_connection_sock.c:293 Le 14/12/2009 08:45, David Miller a écrit : > From: Eric Dumazet <eric.dumazet@...il.com> > Date: Mon, 14 Dec 2009 06:56:31 +0100 > >> It seems to me tcp_create_openreq_child() doesnt properly initialize >> newtp->cookie_values to NULL, but this should not produce warnings like that ? > > If oldtp->cookie_values is NULL, the child's should be as well > because of sk_clone(). Right, maybe then its a tcp_ack() or a syncookie validation change ? tcp_v4_rcv() bh_lock_sock_nested(sk); if (!sock_owned_by_user(sk)) { -> tcp_v4_do_rcv() -> tcp_v4_hnd_req() -> cookie_v4_check() -> get_cookie_sock() -> child = syn_recv_sock() -> inet_csk_reqsk_queue_add(child) (TCP_SYN_RECV socket queued into parent) -> tcp_child_process() (backlog... not) -> tcp_rcv_state_process() -> acceptable = tcp_ack() > 0; -> if (acceptable) -> sk_state = TCP_ESTABLISHED (but if tcp_ack() returned <= 0, state unchanged : TCP_SYN_RECV) And commit 96e0bf4b5193d0d97d139f99e2dd128763d55521 (tcp: Discard segments that ack data not yet sent) Did change this area a bit : @@ -5632,7 +5639,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, /* step 5: check the ACK field */ if (th->ack) { - int acceptable = tcp_ack(sk, skb, FLAG_SLOWPATH); + int acceptable = tcp_ack(sk, skb, FLAG_SLOWPATH) > 0; switch (sk->sk_state) { case TCP_SYN_RECV: -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists