| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 23 Nov 2011 14:53:18 -0000 From: "David Laight" <David.Laight@...LAB.COM> To: "Alan Cox" <alan@...rguk.ukuu.org.uk>, "Xi Wang" <xi.wang@...il.com> Cc: <linux-kernel@...r.kernel.org>, "Joerg Reuter" <jreuter@...na.de>, "Ralf Baechle" <ralf@...ux-mips.org>, "David Miller" <davem@...emloft.net>, <linux-hams@...r.kernel.org>, <netdev@...r.kernel.org> Subject: RE: [PATCH 1/2] ax25: integer overflows in ax25_setsockopt() > > All these magic numbers come from net/ax25/sysctl_net_ax25.c, where > > min/max values of each field are set for sysctl. Is it okay to use > > them? > > The sysctl range is the 'standard' range, but it's always historically > been possible to override them in apps for special cases. I'm wary of > changing that because people do insane things like AX.25 > bounced off the moon where you need very long timeouts. It is a long time since I wrote any of the X.25 protocol stack layers, but I would agree that limiting timers to the values defined in the standard is probably not a good idea. Even normal telco's may have decided to use values that are outside the nominal range. These timers are almost certainly either 'guard' timers for missing responses or retransmit timers for 'keepalive' messages - so allowing much larger values doesn't matter. I'd only limit them in order to stop the code breaking. The lower limit (1 second) will be below the limit for the protocol - but exists to stop the code breaking. David -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists