lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1Oy9vd-0001vO-Qw@shakespeare.ccsl.carleton.ca>
Date:	Tue, 21 Sep 2010 16:59:05 -0400
From:	gwurster@....carleton.ca
To:	unlisted-recipients:; (no To-header on input)

>From 36cd6bd6ec6eae8eb7b6adabc0a0e73db791bc36 Mon Sep 17 00:00:00 2001
From: Glenn Wurster <gwurster@....carleton.ca>
Date: Tue, 21 Sep 2010 16:59:04 -0400
Subject: [PATCH 2.6.36-rc3 1/1] IPv6 BUG: Temp addresses are immediately deleted after being created.
Cc: "David S. Miller" <davem@...emloft.net>,
 Alexey Kuznetsov <kuznet@....inr.ac.ru>,
 "Pekka Savola (ipv6)" <pekkas@...core.fi>,
 James Morris <jmorris@...ei.org>,
 Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>,
 Patrick McHardy <kaber@...sh.net>,
 Stephen Hemminger <shemminger@...tta.com>,
 Eric Dumazet <eric.dumazet@...il.com>,
 Herbert Xu <herbert@...dor.apana.org.au>,
 netdev@...r.kernel.org
To: linux-kernel@...r.kernel.org
X-Length: 2827
MIME-Version: 1.0
Content-Disposition: inline
X-UID: 9
Content-Transfer-Encoding: 7bit
Message-Id: <201009211659.05584.gwurster@....carleton.ca>

There is a bug in the interaction between ipv6_create_tempaddr and 
addrconf_verify.  Because ipv6_create_tempaddr uses the cstamp and tstamp 
from the public address in creating a private address, if we have not 
received a router advertisement in a while, tstamp + temp_valid_lft might be 
< now.  If this happens, the new address is created inside 
ipv6_create_tempaddr, then the loop within addrconf_verify starts again and 
the address is immediately deleted.  We are left with no temporary addresses 
on the interface, and no more will be created until the public IP address is 
updated.  To avoid this, set the expiry time to be the minimum of the time 
left on the public address or the config option PLUS the current age of the 
public interface.

Signed-off-by: Glenn Wurster <gwurster@....carleton.ca>
---
 net/ipv6/addrconf.c |    7 ++++---
 1 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index cfee6ae..9c74454 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -836,7 +836,7 @@ static int ipv6_create_tempaddr(struct inet6_ifaddr *ifp, 
struct inet6_ifaddr *i
 {
 	struct inet6_dev *idev = ifp->idev;
 	struct in6_addr addr, *tmpaddr;
-	unsigned long tmp_prefered_lft, tmp_valid_lft, tmp_cstamp, tmp_tstamp;
+	unsigned long tmp_prefered_lft, tmp_valid_lft, tmp_cstamp, tmp_tstamp, age;
 	unsigned long regen_advance;
 	int tmp_plen;
 	int ret = 0;
@@ -886,12 +886,13 @@ retry:
 		goto out;
 	}
 	memcpy(&addr.s6_addr[8], idev->rndid, 8);
+	age = (jiffies - ifp->tstamp) / HZ;
 	tmp_valid_lft = min_t(__u32,
 			      ifp->valid_lft,
-			      idev->cnf.temp_valid_lft);
+			      idev->cnf.temp_valid_lft + age);
 	tmp_prefered_lft = min_t(__u32,
 				 ifp->prefered_lft,
-				 idev->cnf.temp_prefered_lft -
+				 idev->cnf.temp_prefered_lft + age -
 				 idev->cnf.max_desync_factor);
 	tmp_plen = ifp->prefix_len;
 	max_addresses = idev->cnf.max_addresses;

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ