| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 05 Jun 2007 22:22:36 +0200 From: Eric Dumazet <dada1@...mosbay.com> To: David Miller <davem@...emloft.net> CC: netdev@...r.kernel.org Subject: Re: [BUG] UDP : bind() checks are not complete David Miller a écrit : > From: Eric Dumazet <dada1@...mosbay.com> > Date: Tue, 5 Jun 2007 19:15:36 +0200 > >> I discovered one big problem with UDP binding in 2.6.22-rc4 : > > Thanks for finding this problem, the crux of the issue is > INADDR_ANY. Well, I feel guilty as I was initial patch submiter :( > >> We really should check no socket is bound to XXX.XXX.XXX.XXX:32769. With current hashing, >> it means checking all slots in udptable[] :( >> >> Our choices are : >> >> 1) Drop all thoses patches and re-think them for 2.6.23 eventually >> 2) Add the extra check for ANY_ADDR sockets and perform a full scan >> >> What do you think ? > > Does checking for INADDR_ANY sockets really require a full scan? > It should just need two hash probes as far as I can tell to see > if there is "0.0.0.0:PORT" bound already. Well, we might have 1000 ip addresses on the machine (or not :) ), and 192.168.0.1:PORT ... 192.168.0.254:PORT already bound. - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists