| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20080530190218.GD1743@solarflare.com>
Date: Fri, 30 May 2008 20:02:20 +0100
From: Ben Hutchings <bhutchings@...arflare.com>
To: Adam Langley <agl@...erialviolet.org>
Cc: davem@...emloft.net, netdev@...r.kernel.org
Subject: Re: [PATCH] Fix corrupt TCP packets when options space overflows with MD5SIG enabled
Adam Langley wrote:
> When MD5 signatures are turned on we can end up with syntactically invalid
> packets with a header length < 20 bytes. This is because tcp_header_size
> overflows with 12 bytes of timestamp, 20 bytes of signature and > 8 bytes of
> SACK option.
[...]
> @@ -519,12 +529,23 @@ static int tcp_transmit_skb(struct sock *sk,
> struct sk_buff *skb, int clone_it,
> tcp_header_size += TCPOLEN_WSCALE_ALIGNED;
> sysctl_flags |= SYSCTL_FLAG_WSCALE;
> }
> - if (sysctl_tcp_sack) {
> + if (sysctl_tcp_sack
> +#ifdef CONFIG_TCP_MD5SIG
> + /* We don't include SACK options if we are going to
> + * include an MD5 signature because they can't fit
> + * in the options space */
> + && !md5
> +#endif
Putting an #ifdef..#endif in the middle of an if () is a bit nasty. Why not
define md5 and set it to 0 if CONFIG_TCP_MD5SIG is not set? The compiler
should be able to optimise it away if it's always initialised to 0.
Ben.
--
Ben Hutchings, Senior Software Engineer, Solarflare Communications
Not speaking for my employer; that's the marketing department's job.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists