lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 10 Oct 2007 11:00:17 +0200
From:	Anton Arapov <aarapov@...hat.com>
To:	"Denis V. Lunev" <den@...nvz.org>
Cc:	netdev@...r.kernel.org
Subject: Re: [PATCH] division-by-zero in inet_csk_get_port


Ok, I've got it, so we have to do the same with the following:
quote from inet_hashtables.c and inet6_hashtables.c. I'll prepare the
patch.

And just a curious, does the /* Treat low > high as high == low */
idea will keep after the sysctl will be patched?

int inet_hash_connect(struct inet_timewait_death_row *death_row,
                      struct sock *sk)
{
        struct inet_hashinfo *hinfo = death_row->hashinfo;
        const unsigned short snum = inet_sk(sk)->num;
        struct inet_bind_hashbucket *head;
        struct inet_bind_bucket *tb;
        int ret;

        if (!snum) {
                int low = sysctl_local_port_range[0];
                int high = sysctl_local_port_range[1];
>                int range = high - low;
                int i;
                int port;
                static u32 hint;
                u32 offset = hint + inet_sk_port_offset(sk);
                struct hlist_node *node;
                struct inet_timewait_sock *tw = NULL;

                local_bh_disable();
                for (i = 1; i <= range; i++) {
>                        port = low + (i + offset) % range;
 

"Denis V. Lunev" <den@...nvz.org> writes:
> This patch fixed a possible division-by-zero in inet_csk_get_port
> treating situation low > high as if low == high.
>
> Signed-off-by: Denis V. Lunev <den@...nvz.org>
> CC: Antov Arapov  <aarapov@...hat.com>
>
> --- ./net/ipv4/inet_connection_sock.c.getport	2007-10-09 15:16:02.000000000 +0400
> +++ ./net/ipv4/inet_connection_sock.c	2007-10-10 12:44:04.000000000 +0400
> @@ -80,7 +80,14 @@ int inet_csk_get_port(struct inet_hashin
>  		int low = sysctl_local_port_range[0];
>  		int high = sysctl_local_port_range[1];
>  		int remaining = (high - low) + 1;
> -		int rover = net_random() % (high - low) + low;
> +		int rover;
> +
> +		/* Treat low > high as high == low */
> +		if (remaining <= 1) {
> +			remaining = 1;
> +			rover = low;
> +		} else
> +			rover = net_random() % (high - low) + low;
>  
>  		do {
>  			head = &hashinfo->bhash[inet_bhashfn(rover, hashinfo->bhash_size)];

-- 
Anton Arapov, <aarapov@...hat.com>
Kernel Development, Red Hat
GPG Key ID: 0x6FA8C812

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ