lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Sun, 29 Mar 2015 13:48:29 -0700 (PDT)
From:	David Miller <davem@...emloft.net>
To:	jon.maloy@...csson.com
Cc:	netdev@...r.kernel.org, paul.gortmaker@...driver.com,
	erik.hugne@...csson.com, ying.xue@...driver.com, maloy@...jonn.com,
	tipc-discussion@...ts.sourceforge.net
Subject: Re: [PATCH net-next 1/1] tipc: fix two bugs in secondary
 destination lookup

From: Jon Maloy <jon.maloy@...csson.com>
Date: Fri, 27 Mar 2015 10:19:19 -0400

> A message sent to a node after a successful name table lookup may still
> find that the destination socket has disappeared, because distribution
> of name table updates is non-atomic. If so, the message will be rejected
> back to the sender with error code TIPC_ERR_NO_PORT. If the source
> socket of the message has disappeared in the meantime, the message
> should be dropped.
> 
> However, in the currrent code, the message will instead be subject to an
> unwanted tertiary lookup, because the function tipc_msg_lookup_dest()
> doesn't check if there is an error code present in the message before
> performing the lookup. In the worst case, the message may now find the
> old destination again, and be redirected once more, instead of being
> dropped directly as it should be.
> 
> A second bug in this function is that the "prev_node" field in the message
> is not updated after successful lookup, something that may have
> unpredictable consequences.
> 
> The problems arising from those bugs occur very infrequently.
> 
> The third change in this function; the test on msg_reroute_msg_cnt() is
> purely cosmetic, reflecting that the returned value never can be negative.
> 
> This commit corrects the two bugs described above.
> 
> Signed-off-by: Jon Maloy <jon.maloy@...csson.com>

Applied, thanks Jon.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ