| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <49B636DB.7010004@dev.6wind.com> Date: Tue, 10 Mar 2009 10:46:03 +0100 From: Nicolas Dichtel <nicolas.dichtel@....6wind.com> To: netdev <netdev@...r.kernel.org>, "David S. Miller" <davem@...emloft.net> Subject: XFRM state hash value Hi guys, this commit: [XFRM]: Hash xfrm_state objects by source address too. (http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commitdiff;h=c1969f294e624d5b642fc8e6ab9468b7c7791fa8) introduces src address in hash for state. But in some cases, source address is a wildcard when state is inserted. For example, we can have something like this: # setkey -c add :: ff02::9 ah 0x100 -m transport -A hmac-md5 "cle3goldorakcle3"; In this case, __xfrm_state_insert() will calculate the hash value with src address set to 0, but xfrm_state_find() will use the real source address to calculate this hash. At the end, no state will be found. The most simple way to resolve this pb is to revert the previous patch, but maybe someone has a better idea... Regards, Nicolas -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists