lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Fri, 11 Jul 2014 15:03:26 -0700 (PDT)
From:	David Miller <davem@...emloft.net>
To:	jon.maloy@...csson.com
Cc:	netdev@...r.kernel.org, paul.gortmaker@...driver.com,
	erik.hugne@...csson.com, ying.xue@...driver.com, maloy@...jonn.com,
	tipc-discussion@...ts.sourceforge.net
Subject: Re: [PATCH net 1/1] tipc: clear 'next'-pointer of message
 fragments before reassembly

From: Jon Maloy <jon.maloy@...csson.com>
Date: Fri, 11 Jul 2014 08:45:27 -0400

> If the 'next' pointer of the last fragment buffer in a message is not
> zeroed before reassembly, we risk ending up with a corrupt message,
> since the reassembly function itself isn't doing this.
> 
> Currently, when a buffer is retrieved from the deferred queue of the
> broadcast link, the next pointer is not cleared, with the result as
> described above.
> 
> This commit corrects this, and thereby fixes a bug that may occur when
> long broadcast messages are transmitted across dual interfaces. The bug
> has been present since 40ba3cdf542a469aaa9083fa041656e59b109b90 ("tipc:
> message reassembly using fragment chain")
> 
> This commit should be applied to both net and net-next.
> 
> Signed-off-by: Jon Maloy <jon.maloy@...csson.com>

Applied, but I have to say this isn't the first time I've seen the TIPC
buffer chaining code require a bug fix like this.

That gives me the impression that it's done in an error prone way, so
you may want to take that into consideration and do something to make
these lists harder to mismanage.

Thanks.

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ