lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 22 Apr 2013 13:11:52 +0900
From:	Simon Horman <horms@...ge.net.au>
To:	Julian Anastasov <ja@....bg>
Cc:	Dan Carpenter <dan.carpenter@...cle.com>,
	Wensong Zhang <wensong@...ux-vs.org>,
	Pablo Neira Ayuso <pablo@...filter.org>,
	Patrick McHardy <kaber@...sh.net>,
	"David S. Miller" <davem@...emloft.net>, netdev@...r.kernel.org,
	lvs-devel@...r.kernel.org, netfilter-devel@...r.kernel.org,
	netfilter@...r.kernel.org, coreteam@...filter.org
Subject: Re: [patch] ipvs: off by one in set_sctp_state()

On Sat, Apr 20, 2013 at 03:25:21PM +0300, Julian Anastasov wrote:
> 
> 	Hello,
> 
> On Sat, 20 Apr 2013, Dan Carpenter wrote:
> 
> > The sctp_events[] come from sch->type in set_sctp_state().  They are
> > between 0-255 so that means we need 256 elements in the array.
> > 
> > I believe that because of how the code is aligned there is normally a
> > hole after sctp_events[] so this patch doesn't actually change anything.
> > 
> > Signed-off-by: Dan Carpenter <dan.carpenter@...cle.com>
> > ---
> > This is static checker stuff.  I'm not very familiar with this code.
> > 
> > diff --git a/net/netfilter/ipvs/ip_vs_proto_sctp.c b/net/netfilter/ipvs/ip_vs_proto_sctp.c
> > index 6e14a7b..8646488 100644
> > --- a/net/netfilter/ipvs/ip_vs_proto_sctp.c
> > +++ b/net/netfilter/ipvs/ip_vs_proto_sctp.c
> > @@ -208,7 +208,7 @@ enum ipvs_sctp_event_t {
> >  	IP_VS_SCTP_EVE_LAST
> >  };
> >  
> > -static enum ipvs_sctp_event_t sctp_events[255] = {
> > +static enum ipvs_sctp_event_t sctp_events[256] = {
> >  	IP_VS_SCTP_EVE_DATA_CLI,
> >  	IP_VS_SCTP_EVE_INIT_CLI,
> >  	IP_VS_SCTP_EVE_INIT_ACK_CLI,
> 
> 	There are more confusing (still, non-fatal)
> problems in this IPVS-SCTP support, eg.
> 
>         if (direction == IP_VS_DIR_OUTPUT)
> -               event++;
> +               event *= 2;
> 
> 	I guess we are running with wrong timeouts.

IMHO there seem to be many problems with SCTP, but it is good to
fix the ones we find as we find them.

Would you like to make a patch for the above change or should I?

> 	Also, I'm not sure we support properly the
> one-way states as done for TCP (IP_VS_DIR_INPUT_ONLY).
> May be this code deserves more serious review, for example,
> net/netfilter/nf_conntrack_proto_sctp.c looks as good
> source for comparison.

I believe it does need a more serious review.

> 	Anyways, this change looks correct to me,
> 
> Acked-by: Julian Anastasov <ja@....bg>

I have queued-up this change in ipvs-next.
Thanks Dan & Julian.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ