lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <2498181.kKNYHvd3hx@f19simon>
Date:	Fri, 20 Feb 2015 16:41:17 +0000
From:	Simon Farnsworth <simon@...nz.org.uk>
To:	Christoph Schulz <develop@...stov.de>
Cc:	netdev@...r.kernel.org, Dan Williams <dcbw@...hat.com>,
	mostrows@...il.com, linux-ppp@...r.kernel.org
Subject: Re: [PATCH] pppoe: Use workqueue to die properly when a PADT is received

On Friday 20 February 2015 17:10:14 Christoph Schulz wrote:
> (Cc: linux-ppp@...r.kernel.org, mostrows@...il.com)
> 
> Hello!
> 
> Simon Farnsworth schrieb am Thu, 19 Feb 2015 21:24:28 +0000:
> 
> > When a PADT frame is received, the socket may not be in a good state to
> > close down the PPP interface. The current implementation handles this by
> > simply blocking all further PPP traffic, and hoping that the lack of traffic
> > will trigger the user to investigate.
> >
> > Use schedule_work to get to a process context from which we clear down the
> > PPP interface, in a fashion analogous to hangup on a TTY-based PPP
> > interface. This causes pppd to disconnect immediately, and allows tools to
> > take immediate corrective action.
> 
> Tested-by: Christoph Schulz <develop@...stov.de>
> 
<snip success report>
> However, note also that your patch causes pppd (or rather the rp-pppoe  
> plugin) to wonder about the socket closed by the kernel:
> 
> Feb 20 16:45:44 sandbox local2.err pppd[539]: Failed to disconnect  
> PPPoE socket: 114 Operation already in progress
>
I assume there's nothing else wrong here, other than pppd complaining? The
code doesn't suggest there will be issues if we fail to disconnect.

> I don't fully understand the code there; it seems that the plugin  
> *connects* the PPPoE session socket in order to *disconnect* it:
> 
> static void
> PPPOEDisconnectDevice(void)
> {
>      struct sockaddr_pppox sp;
> 
>      sp.sa_family = AF_PPPOX;
>      sp.sa_protocol = PX_PROTO_OE;
>      sp.sa_addr.pppoe.sid = 0;
>      memcpy(sp.sa_addr.pppoe.dev, conn->ifName, IFNAMSIZ);
>      memcpy(sp.sa_addr.pppoe.remote, conn->peerEth, ETH_ALEN);
>      if (connect(conn->sessionSocket, (struct sockaddr *) &sp,
>                  sizeof(struct sockaddr_pppox)) < 0)
>          error("Failed to disconnect PPPoE socket: %d %m", errno);
>      close(conn->sessionSocket);
>      /* don't send PADT?? */
>      if (conn->discoverySocket >= 0)
>          close(conn->discoverySocket);
> }

The code is trying to disconnect the session by connecting to session 0
(which is invalid) in order to stop data flow. I'll have another look at the
kernel code tonight to see if that does anything that
close(conn->sessionSocket) won't do - I can't see a good reason for it,
though.

I suspect this is a straight bug in the rp-pppoe.so plugin.
--
Simon Farnsworth

Download attachment "signature.asc" of type "application/pgp-signature" (474 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ