| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 16 Jun 2010 10:03:09 +0200 From: Florian Westphal <fw@...len.de> To: David Miller <davem@...emloft.net> Cc: netdev@...r.kernel.org Subject: Re: [PATCH net-next-2.6] syncookies: check decoded options against sysctl settings David Miller <davem@...emloft.net> wrote: > From: Florian Westphal <fw@...len.de> > Date: Sun, 13 Jun 2010 23:34:35 +0200 > > > - if (tcp_opt->sack_ok) > > - tcp_sack_reset(tcp_opt); > > + if (tcp_opt->sack_ok && !sysctl_tcp_sack) > > + return false; > > > > If you remove the tcp_sack_reset() call here, who is going to > do it? Right, I should have mentioned that in the changelog, sorry about that. Bottom line is that I failed to find out why its needed. Both call sites of this function (cookie_v4_check, cookie_v6_check) allocate the "struct tcp_options_received" argument on the stack, zero it, hand it to tcp_parse_options() and then call cookie_check_timestamp(). I did not find any place in tcp_parse_options that would cause tcp_opt->num_sacks/dsack to become nonzero. Even if it can turn nonzero, I do not see any ill effects that might happen then. The structure is on the stack and after tcp_parse_options() returns only a few selected members are copied to the inet_request_sock. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists