Date:	Sun, 24 Jun 2012 13:12:33 -0400
From:	Neal Cardwell <ncardwell@...gle.com>
To:	Eric Dumazet <eric.dumazet@...il.com>
Cc:	David Miller <davem@...emloft.net>, netdev@...r.kernel.org,
	Eric Dumazet <edumazet@...gle.com>,
	Tom Herbert <therbert@...gle.com>
Subject: Re: [PATCH 5/5] tcp: plug dst leak in tcp_v6_conn_request()

On Sun, Jun 24, 2012 at 3:41 AM, Eric Dumazet <eric.dumazet@...il.com> wrote:
> On Sun, 2012-06-24 at 01:22 -0400, Neal Cardwell wrote:
>> The code in tcp_v6_conn_request() was implicitly assuming that
>> tcp_v6_send_synack() would take care of dst_release(), much as
>> tcp_v4_send_synack() already does. This resulted in
>> tcp_v6_conn_request() leaking a dst if sysctl_tw_recycle is enabled.
>>
>> This commit restructures tcp_v6_send_synack() so that it accepts a dst
>> pointer and takes care of releasing the dst that is passed in, to plug
>> the leak and avoid future surprises by bringing the IPv6 behavior in
>> line with the IPv4 side.
>
> I feel a bit uncomfortable sending a mix of 3 patches to fix one bug.
>
> Could you instead send a pure fix (fixing the dst leak) for the net tree?
>
> Then, when the fix is incorporated in net-next, send the cleanups?
>
> This also clashes with this pending work, so it would ease things if you
> can respin the cleanups for net-next
>
> http://patchwork.ozlabs.org/patch/166737/

Yes, the patches in this series were generated as patches against the
"net" tree (sorry for not indicating that).

The dst leak on the v6 sysctl_tw_recycle code path (patches 2-5) seems
like a pretty low priority, so I think we could simplify your plan
even a little further... How about this as a plan: we could apply the
first patch in the series (tcp: heed result of
security_inet_conn_request() in tcp_v6_conn_request()) to the net tree
now, and skip patches 2-5 for now. Once your pending synack work is in
net-next, I can respin patches 2-5 for net-next. How does that sound?

neal