lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Fri, 02 Mar 2007 12:51:58 -0800 (PST)
From:	David Miller <davem@...emloft.net>
To:	weid@...css.fujitsu.com
Cc:	netdev@...r.kernel.org
Subject: Re: Fix bugs in "Whether sock accept queue is full" checking

From: weidong <weid@...css.fujitsu.com>
Date: Wed, 14 Feb 2007 11:30:57 -0500

> diff -ruN old/include/net/sock.h new/include/net/sock.h
> --- old/include/net/sock.h	2007-02-03 08:38:21.000000000 -0500
> +++ new/include/net/sock.h	2007-02-03 08:38:30.000000000 -0500
> @@ -426,7 +426,7 @@
>  
>  static inline int sk_acceptq_is_full(struct sock *sk)
>  {
> -	return sk->sk_ack_backlog > sk->sk_max_ack_backlog;
> +	return sk->sk_ack_backlog >= sk->sk_max_ack_backlog;
>  }
>  
>  /*

I've applied this patch, and also fixed a similar case
I spotted in AF_UNIX after doing a quick audit.

Thank you.

commit 626d548a8d145a032cff9237245f8ac9d9056ac1
Author: David S. Miller <davem@...set.davemloft.net>
Date:   Fri Mar 2 12:49:23 2007 -0800

    [AF_UNIX]: Test against sk_max_ack_backlog properly.
    
    This brings things inline with the sk_acceptq_is_full() bug
    fix.  The limit test should be x >= sk_max_ack_backlog.
    
    Signed-off-by: David S. Miller <davem@...emloft.net>

diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index 6069716..51ca438 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -934,7 +934,7 @@ static long unix_wait_for_peer(struct sock *other, long timeo)
 
 	sched = !sock_flag(other, SOCK_DEAD) &&
 		!(other->sk_shutdown & RCV_SHUTDOWN) &&
-		(skb_queue_len(&other->sk_receive_queue) >
+		(skb_queue_len(&other->sk_receive_queue) >=
 		 other->sk_max_ack_backlog);
 
 	unix_state_runlock(other);
@@ -1008,7 +1008,7 @@ restart:
 	if (other->sk_state != TCP_LISTEN)
 		goto out_unlock;
 
-	if (skb_queue_len(&other->sk_receive_queue) >
+	if (skb_queue_len(&other->sk_receive_queue) >=
 	    other->sk_max_ack_backlog) {
 		err = -EAGAIN;
 		if (!timeo)
@@ -1381,7 +1381,7 @@ restart:
 	}
 
 	if (unix_peer(other) != sk &&
-	    (skb_queue_len(&other->sk_receive_queue) >
+	    (skb_queue_len(&other->sk_receive_queue) >=
 	     other->sk_max_ack_backlog)) {
 		if (!timeo) {
 			err = -EAGAIN;
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ