lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20071015140025.84e73297.akpm@linux-foundation.org>
Date:	Mon, 15 Oct 2007 14:00:25 -0700
From:	Andrew Morton <akpm@...ux-foundation.org>
To:	David Miller <davem@...emloft.net>
Cc:	aarapov@...hat.com, linux-kernel@...r.kernel.org,
	linux-netdev@...r.kernel.org, davem@...hat.com, jgarzik@...hat.com
Subject: Re: [PATCH] ipv4: kernel panic when only one unsecured port
 available

On Mon, 15 Oct 2007 13:06:14 -0700 (PDT)
David Miller <davem@...emloft.net> wrote:

> From: Andrew Morton <akpm@...ux-foundation.org>
> Date: Mon, 15 Oct 2007 12:49:19 -0700
> 
> > This code has recently been reworked, but from my reading, that
> > divide-by-zero can still occur.  And given that the numbers in
> > /proc/sys/net/ipv4/ip_local_port_range are inclusive, the arithmetic in
> > inet_csk_get_port() seems to just be wrong?
> > 
> > So we have this, against David's current devel tree:
> 
> I'm pretty sure we took care of this, but maybe not :-)

<looks>

OK, in ipv4_local_port_range() we have 

                if (range[1] <= range[0])
                        ret = -EINVAL;

which will prevent the crashes.

But is it good to disallow high=low?  This disallows a port range of one
single port.  Unless "high" is exclusive.  But
Documentation/filesystems/proc.txt says

: ip_local_port_range
: -------------------
:
: Range of  ports  used  by  TCP  and UDP to choose the local port. Contains two
: numbers, the  first  number  is the lowest port, the second number the highest
: local port.  Default  is  1024-4999.  Should  be  changed  to  32768-61000 for
: high-usage systems.

ie: inclusive.

Documentation/networking/ip-sysctl.txt says

: ip_local_port_range - 2 INTEGERS
: 	Defines the local port range that is used by TCP and UDP to
: 	choose the local port. The first number is the first, the 
: 	second the last local port number. Default value depends on
: 	amount of memory available on the system:
: 	> 128Mb 32768-61000
: 	< 128Mb 1024-4999 or even less.
: 	This number defines number of active connections, which this
: 	system can issue simultaneously to systems not supporting
: 	TCP extensions (timestamps). With tcp_tw_recycle enabled
: 	(i.e. by default) range 1024-4999 is enough to issue up to
: 	2000 connections per second to systems supporting timestamps.

also inclusive.


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ