lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <B8CDE765-7DCE-4257-91E1-CC85CB7F87F7@oracle.com>
Date:   Wed, 11 Sep 2019 13:54:14 -0400
From:   Chuck Lever <chuck.lever@...cle.com>
To:     Benjamin Coddington <bcodding@...hat.com>
Cc:     Jason L Tibbitts III <tibbs@...h.uh.edu>,
        Bruce Fields <bfields@...ldses.org>,
        Wolfgang Walter <linux@...m.de>,
        Linux NFS Mailing List <linux-nfs@...r.kernel.org>,
        km@...all.com, linux-kernel@...r.kernel.org
Subject: Re: Regression in 5.1.20: Reading long directory fails



> On Sep 11, 2019, at 1:50 PM, Benjamin Coddington <bcodding@...hat.com> wrote:
> 
> On 11 Sep 2019, at 13:40, Benjamin Coddington wrote:
> 
>> On 11 Sep 2019, at 13:29, Chuck Lever wrote:
>> 
>>>> On Sep 11, 2019, at 1:26 PM, Benjamin Coddington <bcodding@...hat.com> wrote:
>>>> 
>>>> 
>>>> On 11 Sep 2019, at 12:39, Chuck Lever wrote:
>>>> 
>>>>>> On Sep 11, 2019, at 12:25 PM, Benjamin Coddington <bcodding@...hat.com> wrote:
>>>>>> 
>>>> 
>>>>>> Instead, I think we want to make sure the mic falls squarely into the tail
>>>>>> every time.
>>>>> 
>>>>> I'm not clear how you could do that. The length of the page data is not
>>>>> known to the client before it parses the reply. Are you suggesting that
>>>>> gss_unwrap should do it somehow?
>>>> 
>>>> Is it too niave to always put the mic at the end of the tail?
>>> 
>>> The size of the page content is variable.
>>> 
>>> The only way the MIC will fall into the tail is if the page content is
>>> exactly the largest expected size. When the page content is smaller than
>>> that, the receive logic will place part or all of the MIC in ->pages.
>> 
>> Ok, right.  But what I meant is that xdr_buf_read_netobj() should be renamed
>> and repurposed to be "move the mic from wherever it is to the end of
>> xdr_buf's tail".
>> 
>> But now I see what you mean, and I also see that it is already trying to do
>> that.. and we don't want to overlap the copy..
>> 
>> So, really, we need the tail to be larger than twice the mic.. less 1.  That
>> means the fix is probably just increasing rslack for krb5i.
> 
> .. or we can keep the tighter tail space, and if we detect the mic straddles
> the page and tail, we can move the mic into the tail with 2 copies, first
> move the bit in the tail back, then move the bit in the pages.
> 
> Which is preferred, less allocation, or in the rare case this occurs, doing
> copy twice?

It sounds like the bug is that the current code does not deal correctly
when the MIC crosses the boundary between ->pages and ->tail? I'd like
to see that addressed rather than changing rslack.


--
Chuck Lever

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ