lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-id: <1376515097.9293.6.camel@nexus>
Date:	Wed, 14 Aug 2013 23:18:17 +0200
From:	Damian Lukowski <damian@....rwth-aachen.de>
To:	Rick Jones <rick.jones2@...com>
Cc:	Yuchung Cheng <ycheng@...gle.com>, netdev <netdev@...r.kernel.org>
Subject: Re: TCP Connection teardown seems to violate TCP specification

At least in curl, the close() seems to be implicit as it occurs 
at the very end of the trace:

close(3)                                = 0
exit_group(0)                           = ?
+++ exited with 0 +++

Nevertheless, shouldn't the stack keep on reading the input
even if the local application is not interested in it?
The other side might rely on it, and I've seen webserver logs
which indicate SSL read errors likely because of this.

Kind regards
 Damian

Am Mittwoch, den 14.08.2013, 13:14 -0700 schrieb Rick Jones:
> On 08/14/2013 12:50 PM, Yuchung Cheng wrote:
> > On Wed, Aug 14, 2013 at 12:21 PM, Damian Lukowski
> > <damian@....rwth-aachen.de> wrote:
> >> Hi,
> >>
> >> the TCP specification states that an endpoint has to accept
> >> packets from the other side even after it has half-closed the
> >> connection locally. This does not seem to be the case
> >> under Linux?
> >>
> >> For example, when I wget -O /dev/null https://www.verisign.com/
> >> --max-redir 0, the local TCP stack sends an FIN,ACK close to the end.
> >> However, the webserver has more data to send (Encrypted Alert).
> >> Instead of ACKing the packet, the local side sends a RST.
> >> This seems wrong to me.
> >
> > Which wget are you using? it's not doing half-close (i.e.,
> > shutdown(SHUT_WR)) on my wget version 1.13.4
> 
> I suspect that when Damian system call traces his wget he will find it 
> is doing either:
> 
> close()
> 
> or
> shutdown(SHUT_WR)
> close()
> without waiting for the read return of zero from the remote.
> 
> it may even be just exiting after getting the last bytes of the URL, 
> which would be an implicit close()
> 
> Over the years I've seen examples of all three behaviours.
> 
> rick jones
> 
> >
> >
> >>
> >> Regards
> >>   Damian
> >>
> >> --
> >> To unsubscribe from this list: send the line "unsubscribe netdev" in
> >> the body of a message to majordomo@...r.kernel.org
> >> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> > --
> > To unsubscribe from this list: send the line "unsubscribe netdev" in
> > the body of a message to majordomo@...r.kernel.org
> > More majordomo info at  http://vger.kernel.org/majordomo-info.html
> >
> 


--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ