| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <AE90C24D6B3A694183C094C60CF0A2F6026B746B@saturn3.aculab.com>
Date: Fri, 6 Dec 2013 15:46:31 -0000
From: "David Laight" <David.Laight@...LAB.COM>
To: "Neil Horman" <nhorman@...driver.com>, <linux-sctp@...r.kernel.org>
Cc: "Wang Weidong" <wangweidong1@...wei.com>,
"David Miller" <davem@...emloft.net>,
"Vlad Yasevich" <vyasevich@...il.com>, <netdev@...r.kernel.org>
Subject: RE: [PATCH] sctp: properly latch and use autoclose value from sock to association
> From: Neil Horman
> Currently, sctp associations latch a sockets autoclose value to an association
> at association init time, subject to capping constraints from the max_autoclose
> sysctl value. This leads to an odd situation where an application may set a
> socket level autoclose timeout, but sliently sctp will limit the autoclose
> timeout to something less than that.
>
> Fix this by modifying the autoclose setsockopt function to check the limit, cap
> it and warn the user via syslog that the timeout is capped. This will allow
> getsockopt to return valid autoclose timeout values that reflect what subsequent
> associations actually use.
...
> + if (sp->autoclose > net->sctp.max_autoclose) {
> + pr_warn("Capping autoclose value %d to defined maximum of %lu\n",
> + sp->autoclose, net->sctp.max_autoclose);
> + sp->autoclose = net->sctp.max_autoclose;
> + }
Is it really reasonable to allow a user to spam syslog this way?
David
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists