lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 12 Dec 2011 17:18:46 -0500
From:	Vladislav Yasevich <vladislav.yasevich@...com>
To:	Xi Wang <xi.wang@...il.com>
CC:	netdev@...r.kernel.org, linux-sctp@...r.kernel.org,
	Andrew Morton <akpm@...ux-foundation.org>,
	Andrei Pelinescu-Onciul <andrei@...el.org>,
	"David S. Miller" <davem@...emloft.net>
Subject: Re: [PATCH RESEND] sctp: fix incorrect overflow check on autoclose

On 12/09/2011 01:04 PM, Xi Wang wrote:
> On Dec 9, 2011, at 12:38 PM, Vladislav Yasevich wrote:
>> I think this should be u32 since that's what sp->autoclose is.
> 
> Do you mean something like this?
> 
> 	min_t(u32, sp->autoclose, MAX_SCHEDULE_TIMEOUT / HZ)
> 
> On 64-bit platform this would limit autoclose for no good
> reason to
> 
> 	(u32)(MAX_SCHEDULE_TIMEOUT / HZ),
> 
> which is basically 0x978d4fdf (assuming HZ is 250).  I guess the
> intention was to allow autoclose to be any u32 on 64-bit platform.
> 

Hm..  this is a bit strange.  This makes it so that on 32 bit platforms
we have one upper bound for autoclose and on 64 we have another even though
the type is platform dependent.  This could be considered a regression by
applications.

In addition this would result in confusion to user since the values
between setsockopt() and getsockopt() for autoclose would be different.

Looking at the latest spec, it actually looks like we are completely
mis-interpreting autoclose.  It's supposed to be in seconds.

For now, I'd suggest to make this consistent between 32 and 64 bits.
Having inconsistent values seems strange.

As a next set the api needs to be fixed to accept seconds as
argument.

-vlad





--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ