lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <55DB5BFA.3020405@gmail.com>
Date:	Mon, 24 Aug 2015 14:01:30 -0400
From:	Vlad Yasevich <vyasevich@...il.com>
To:	Xin Long <lucien.xin@...il.com>,
	network dev <netdev@...r.kernel.org>
CC:	mleitner@...hat.com, davem@...emloft.net
Subject: Re: [PATCH net] sctp: partial chunk should be drop without sending
 abort packet

On 08/24/2015 06:08 AM, Xin Long wrote:
> as RFC 4960, 6.10 said, *if the receiver detects a partial chunk, it MUST drop
> the chunk*, we should not send the abort. but if we put this discard to inside
> state machine, it will send abort.
> 

Actually, silently dropping this is _very_ bad.  There reason is that you've already
processed the leading chunks and may have potentially queued a response...  Now, you
reach the end of the packet and find that the last chunk is partial.  You end up
dropping the packet, but still handing the responses.  This actually lead to some very
interesting issues we were seeing.

It is better to terminate the association in this case.

-vlad

> so we just drop the partial chunk there, never let this chunk go into the state
> machine.
> 
> Signed-off-by: Xin Long <lucien.xin@...il.com>
> ---
>  net/sctp/inqueue.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/net/sctp/inqueue.c b/net/sctp/inqueue.c
> index 7e8a16c..a22ca57 100644
> --- a/net/sctp/inqueue.c
> +++ b/net/sctp/inqueue.c
> @@ -183,9 +183,9 @@ struct sctp_chunk *sctp_inq_pop(struct sctp_inq *queue)
>  		/* This is not a singleton */
>  		chunk->singleton = 0;
>  	} else if (chunk->chunk_end > skb_tail_pointer(chunk->skb)) {
> -		/* Discard inside state machine. */
> -		chunk->pdiscard = 1;
> -		chunk->chunk_end = skb_tail_pointer(chunk->skb);
> +		sctp_chunk_free(chunk);
> +		chunk = queue->in_progress = NULL;
> +		return NULL;
>  	} else {
>  		/* We are at the end of the packet, so mark the chunk
>  		 * in case we need to send a SACK.
> 

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ