| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 13 Nov 2012 14:35:44 -0500 (EST) From: David Miller <davem@...emloft.net> To: eric.dumazet@...il.com Cc: romain@...bokech.com, netdev@...r.kernel.org, ncardwell@...gle.com, ycheng@...gle.com, nanditad@...gle.com, hkchu@...gle.com Subject: Re: [PATCH v2] tcp: tcp_replace_ts_recent() should not be called from tcp_validate_incoming() From: Eric Dumazet <eric.dumazet@...il.com> Date: Tue, 13 Nov 2012 07:37:18 -0800 > From: Eric Dumazet <edumazet@...gle.com> > > We added support for RFC 5961 in latest kernels but TCP fails > to perform exhaustive check of ACK sequence. > > We can update our view of peer tsval from a frame that is > later discarded by tcp_ack() > > This makes timestamps enabled sessions vulnerable to injection of > a high tsval : peers start an ACK storm, since the victim > sends a dupack each time it receives an ACK from the other peer. > > As tcp_validate_incoming() is called before tcp_ack(), we should > not peform tcp_replace_ts_recent() from it, and let callers do it > at the right time. > > Signed-off-by: Eric Dumazet <edumazet@...gle.com> Applied, thanks a lot. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists