| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 23 Aug 2017 20:20:22 -0700
From: Eric Dumazet <eric.dumazet@...il.com>
To: Ivan Delalande <colona@...sta.com>
Cc: David Miller <davem@...emloft.net>, netdev@...r.kernel.org
Subject: Re: [PATCH net-next] inet_diag: report TCP MD5 signing keys and
addresses
On Thu, 2017-08-24 at 03:22 +0200, Ivan Delalande wrote:
> Report TCP MD5 (RFC2385) signing keys, addresses and address prefixes to
> processes with CAP_NET_ADMIN requesting INET_DIAG_INFO. Currently it is
> not possible to retrieve these from the kernel once they have been
> configured on sockets.
I really find that all these changes in net/ipv4/inet_diag.c
for TCP stuff (and #ifdef CONFIG_TCP_MD5SIG all over the places) are
ugly.
Also, since you do not lock the socket, inet_diag_put_md5sig()
might see different lists (&md5sig->head) and you could either write non
reserved memory, or at the contrary report not initialized kernel data
to user.
+static int inet_diag_put_md5sig(struct sk_buff *skb,
+ const struct tcp_md5sig_info *md5sig)
+{
+ const struct tcp_md5sig_key *key;
+ struct nlattr *attr;
+ struct tcp_md5sig *info = NULL;
+ int md5sig_count = 0;
+
+ hlist_for_each_entry_rcu(key, &md5sig->head, node)
+ md5sig_count++;
+
+ attr = nla_reserve(skb, INET_DIAG_MD5SIG,
+ md5sig_count * sizeof(struct tcp_md5sig));
+ if (!attr)
+ return -EMSGSIZE;
+
+ info = nla_data(attr);
+ hlist_for_each_entry_rcu(key, &md5sig->head, node) {
+ inet_diag_md5sig_fill(info, key);
+ info++;
Here we might see different keys than computed (in md5sig_count)
+ }
+
+ return 0;
+}
+#endif
+
Powered by blists - more mailing lists