| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <m3bqb89yjw.fsf@bandura.englab.brq.redhat.com>
Date: Tue, 09 Oct 2007 16:01:55 +0200
From: Anton Arapov <aarapov@...hat.com>
To: netdev@...r.kernel.org
Subject: [PATCH] ipv4: kernel panic when only one unsecured port available
Steps to reproduce:
Server:
[root@...ver ~]# cat /etc/exports
/export *(ro,insecure)
// there is insecure ... I am using ports like "1024 to 61000"
[root@...ver ~] service nfs restart
Client:
1.[root@...ent ~]# echo 32768 32768 > /proc/sys/net/ipv4/ip_local_port_range
32768 32768
// two same numbers, for ex "32769 32769" etc.
2.[root@...ent ~]# cat /proc/sys/net/ipv4/ip_local_port_range
32768 32768
3.[root@...ent ~]# mount server:/export /import
Actual results:
Kernel always panics
--------------------------------------------------------------------
[PATCH] ipv4: kernel panic when only one unsecured port available
Patch prevents division by zero. Kernel panics if only one
unsecured port available.
Signed-off-by: Anton Arapov <aarapov@...hat.com>
---
net/ipv4/inet_connection_sock.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c
index fbe7714..00ad079 100644
--- a/net/ipv4/inet_connection_sock.c
+++ b/net/ipv4/inet_connection_sock.c
@@ -80,7 +80,7 @@ int inet_csk_get_port(struct inet_hashinfo *hashinfo,
int low = sysctl_local_port_range[0];
int high = sysctl_local_port_range[1];
int remaining = (high - low) + 1;
- int rover = net_random() % (high - low) + low;
+ int rover = net_random() % remaining + low;
do {
head = &hashinfo->bhash[inet_bhashfn(rover, hashinfo->bhash_size)];
--
Anton Arapov, <aarapov@...hat.com>
Kernel Development, Red Hat
GPG Key ID: 0x6FA8C812
Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists