Message-ID: <6A909177-3A6D-4817-94A8-1B5A931A8CD9@guavus.com>
Date:	Thu, 29 Apr 2010 17:39:30 +0000
From:	Bijay Singh <Bijay.Singh@...vus.com>
To:	Bijay Singh <Bijay.Singh@...vus.com>
CC:	"netdev@...r.kernel.org" <netdev@...r.kernel.org>
Subject: Re: TCP MD5 issue


I did a simple experiment to conclude that the md5sig_pool is indeed having an integrity issue.

In the .calc_md5_hash function, after the calculations, I printed the values of the pseudo header, which is kept in the md5sig_pool variable, and the values after completing the calculations; it has different values for at least one of src, dest or length in a few cases.

Does anyone get a cue from this?

On 29-Apr-2010, at 7:19 AM, Bijay Singh wrote:

> 
> 
>> Hi,
>> 
>> I have hit upon a bug in the TCP MD5 implementation. The bug shows up in load conditions. I haven't been able to exactly identify the issue, but it is easily reproducible.
>> 
>> I run multiple instances (44 pairs) of servers and clients. All servers running on ubuntu 2.6.31 and all clients running on 2.6.26.
>> 
>> I observe that few messages from either end have invalid MD5 Hash signatures.
>> 
>> I browsed through the code and did not find anything suspicious.
>> 
>> I hacked the code (2.6.26) to call the .calc_md5_hash function twice at the same point and printk'd the hashes from the .calc_md5_hash function. I noticed that sometimes the 1st call gives the incorrect value and sometimes the 2nd call gives the incorrect value, which essentially leads me to believe that the inputs to the functions are not getting modified.
>> 
>> I short-circuited the crypto and called the md5 functions directly and allocated the md5 context from the stack, to remove any kind of sharing violation that may be happening. (The context otherwise is saved per CPU in the md5_sig_pool and the execution of the hash generation code is made non-preemptible to prevent sharing violation.) Btw, what will happen if there is an interrupt?
>> 
>> After this change the code is running much more smoothly; however, I did manage to get 6 errors in 4 hours. Earlier I was seeing invalid checksum errors within secs of starting the load.
>> 
>> I have rerun the test and haven't observed any error since last 2 hours.
>> 
>> I need to fix this issue and am heavily dependent on you to provide me with some clues to proceed further. Pls. let me know if you need any more data.
>> 
>> Looking forward to your response.
>> 
>> Thanks
>> Bijay
> 
> --
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
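
The thread contrasts a per-CPU scratch context with one allocated on the stack and asks what happens if an interrupt arrives. The following is an added userspace model of that question, not kernel code and not part of the original messages; it does not establish the cause of the reported errors. All names (`pool_slot`, `sign_shared`, `sign_private`, `nested_signer`) and addresses are hypothetical, and FNV-1a stands in for MD5.

```c
#include <stdint.h>
#include <stdio.h>

/* The pseudo-header fields the message names: src, dest, length. */
struct pseudo_hdr { uint32_t src, dst; uint16_t len; };

/* Hypothetical stand-in for one CPU's md5sig_pool slot (shared scratch). */
static struct pseudo_hdr pool_slot;

typedef void (*hook_fn)(void);

/* FNV-1a over the three fields: a stand-in digest, NOT MD5. */
static uint32_t digest(const struct pseudo_hdr *h)
{
    uint32_t w[3] = { h->src, h->dst, h->len }, x = 2166136261u;
    for (int i = 0; i < 3; i++)
        for (int b = 0; b < 4; b++) {
            x ^= (w[i] >> (8 * b)) & 0xffu;
            x *= 16777619u;
        }
    return x;
}

/* Shared variant: write the slot, then hash it. hook models any code
 * that runs on the same CPU between those two steps. */
static uint32_t sign_shared(uint32_t s, uint32_t d, uint16_t l, hook_fn hook)
{
    pool_slot = (struct pseudo_hdr){ s, d, l };
    if (hook) hook();
    return digest(&pool_slot);
}

/* Private variant: the scratch lives on the caller's stack. */
static uint32_t sign_private(uint32_t s, uint32_t d, uint16_t l, hook_fn hook)
{
    struct pseudo_hdr h = { s, d, l };
    if (hook) hook();
    return digest(&h);
}

/* Nested signer for another (constructed) segment, using the same slot. */
static void nested_signer(void) { (void)sign_shared(0x0a000003u, 0x0a000004u, 1460, NULL); }

int main(void)
{
    printf("shared, undisturbed:  %08x\n", (unsigned)sign_shared(0x0a000001u, 0x0a000002u, 40, NULL));
    printf("shared, nested user:  %08x\n", (unsigned)sign_shared(0x0a000001u, 0x0a000002u, 40, nested_signer));
    printf("private, nested user: %08x\n", (unsigned)sign_private(0x0a000001u, 0x0a000002u, 40, nested_signer));
    return 0;
}
```

In this model, disabling preemption alone would not stop `nested_signer`, because it runs on the same CPU as the interrupted signer; only the stack-allocated variant is unaffected.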