Message-ID: <20080805174003.GA10471@solarflare.com>
Date: Tue, 5 Aug 2008 18:40:04 +0100
From: Ben Hutchings <bhutchings@...arflare.com>
To: Nicolas Bareil <nico@...ir.org>
Cc: netdev@...r.kernel.org
Subject: Re: [BUG] before() integer overflow
Nicolas Bareil wrote:
>
> Hello!
>
>
> In include/net/tcp.h, the before() function is defined like this:
>
> /*
>  * The next routines deal with comparing 32 bit unsigned ints
>  * and worry about wraparound (automatic with unsigned arithmetic).
>  */
>
> static inline int before(__u32 seq1, __u32 seq2)
> {
>         return (__s32)(seq1-seq2) < 0;
> }
> #define after(seq2, seq1) before(seq1, seq2)
>
>
> If seq1 = 0xffffff and seq2 = 0 (so seq1 > seq2), the difference is
> equal to 0xffffff, or -1 as a 32-bit signed number.
>
> => before() will return true instead of false.
[...]
That's exactly what we want. The initial sequence number is random (and
TCP streams are not limited to 4GB) so the sequence can wrap around. 0
follows 0xffffffff. If we were to compare sequence numbers from two
packets more than 2GB apart in the stream, this comparison would give
the wrong answer, but currently this is not likely to be a problem.
Ben.
--
Ben Hutchings, Senior Software Engineer, Solarflare Communications
Not speaking for my employer; that's the marketing department's job.
They asked us to note that Solarflare product names are trademarked.
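
The wraparound behaviour discussed in this message, as an added example (not code from the thread or from the kernel): it runs the same signed-difference comparison next to a plain unsigned comparison over a stream that crosses the 32-bit wrap point, then shows the 2GB limit mentioned in the reply. The names seq_before, naive_before and count_misordered and all sequence values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Same comparison as the quoted before(), written with <stdint.h> types. */
static int seq_before(uint32_t seq1, uint32_t seq2)
{
    return (int32_t)(seq1 - seq2) < 0;
}

/* Plain unsigned comparison, for contrast: it ignores wraparound. */
static int naive_before(uint32_t seq1, uint32_t seq2)
{
    return seq1 < seq2;
}

/* Walk `steps` segments of `len` bytes starting at `isn` and count how
 * often cmp() fails to place a segment before its successor. */
static unsigned count_misordered(int (*cmp)(uint32_t, uint32_t),
                                 uint32_t isn, uint32_t len, unsigned steps)
{
    unsigned bad = 0;
    uint32_t seq = isn;

    for (unsigned i = 0; i < steps; i++) {
        uint32_t next = seq + len;      /* wraps modulo 2^32 */
        if (!cmp(seq, next))
            bad++;
        seq = next;
    }
    return bad;
}

int main(void)
{
    uint32_t isn = 0xfffff000u;         /* constructed: just below the wrap */

    printf("wrap-aware: %u\n", count_misordered(seq_before, isn, 1460, 10));
    printf("naive:      %u\n", count_misordered(naive_before, isn, 1460, 10));
    /* Exactly 2^31 apart: each value reports as "before" the other. */
    printf("%d %d\n", seq_before(0, 0x80000000u), seq_before(0x80000000u, 0));
    /* More than 2^31 apart: the result is inverted relative to stream order. */
    printf("%d\n", seq_before(0, 0x80000001u));
    return 0;
}
```
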