lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <8DD22D2C-A26B-430E-AB10-E420B4C6A8F0@redhat.com>
Date:   Wed, 11 Sep 2019 13:59:19 -0400
From:   "Benjamin Coddington" <bcodding@...hat.com>
To:     "Chuck Lever" <chuck.lever@...cle.com>
Cc:     "Jason L Tibbitts III" <tibbs@...h.uh.edu>,
        "Bruce Fields" <bfields@...ldses.org>,
        "Wolfgang Walter" <linux@...m.de>,
        "Linux NFS Mailing List" <linux-nfs@...r.kernel.org>,
        km@...all.com, linux-kernel@...r.kernel.org
Subject: Re: Regression in 5.1.20: Reading long directory fails

On 11 Sep 2019, at 13:43, Chuck Lever wrote:

>> On Sep 11, 2019, at 1:40 PM, Benjamin Coddington 
>> <bcodding@...hat.com> wrote:
>>
>> On 11 Sep 2019, at 13:29, Chuck Lever wrote:
>>
>>>> On Sep 11, 2019, at 1:26 PM, Benjamin Coddington 
>>>> <bcodding@...hat.com> wrote:
>>>>
>>>>
>>>> On 11 Sep 2019, at 12:39, Chuck Lever wrote:
>>>>
>>>>>> On Sep 11, 2019, at 12:25 PM, Benjamin Coddington 
>>>>>> <bcodding@...hat.com> wrote:
>>>>>>
>>>>
>>>>>> Instead, I think we want to make sure the mic falls squarely into 
>>>>>> the tail
>>>>>> every time.
>>>>>
>>>>> I'm not clear how you could do that. The length of the page data 
>>>>> is not
>>>>> known to the client before it parses the reply. Are you suggesting 
>>>>> that
>>>>> gss_unwrap should do it somehow?
>>>>
>>>> Is it too niave to always put the mic at the end of the tail?
>>>
>>> The size of the page content is variable.
>>>
>>> The only way the MIC will fall into the tail is if the page content 
>>> is
>>> exactly the largest expected size. When the page content is smaller 
>>> than
>>> that, the receive logic will place part or all of the MIC in 
>>> ->pages.
>>
>> Ok, right.  But what I meant is that xdr_buf_read_netobj() should be 
>> renamed
>> and repurposed to be "move the mic from wherever it is to the end of
>> xdr_buf's tail".
>>
>> But now I see what you mean, and I also see that it is already trying 
>> to do
>> that.. and we don't want to overlap the copy..
>>
>> So, really, we need the tail to be larger than twice the mic.. less 
>> 1.  That
>> means the fix is probably just increasing rslack for krb5i.
>
> What's the justification for that particular maximum size? Are you 
> sure the
> page contents are not spilling into the tail?

In the problem case, I am sure they are not.

The justification is that if the mic straddles pages and tail, today we 
try
to copy it to the end of the tail.  The room we'd need for that is the 
size
of the mic less any of it that is up in the pages.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ