| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 22 Jun 2016 16:34:07 -0400 (EDT) From: David Miller <davem@...emloft.net> To: jon.maloy@...csson.com Cc: netdev@...r.kernel.org, paul.gortmaker@...driver.com, parthasarathy.bhuvaragan@...csson.com, richard.alpe@...csson.com, ying.xue@...driver.com, maloy@...jonn.com, tipc-discussion@...ts.sourceforge.net Subject: Re: [PATCH net 1/1] tipc: unclone unbundled buffers before forwarding From: Jon Maloy <jon.maloy@...csson.com> Date: Mon, 20 Jun 2016 09:20:46 -0400 > When extracting an individual message from a received "bundle" buffer, > we just create a clone of the base buffer, and adjust it to point into > the right position of the linearized data area of the latter. This works > well for regular message reception, but during periods of extremely high > load it may happen that an extracted buffer, e.g, a connection probe, is > reversed and forwarded through an external interface while the preceding > extracted message is still unhandled. When this happens, the header or > data area of the preceding message will be partially overwritten by a > MAC header, leading to unpredicatable consequences, such as a link > reset. > > We now fix this by ensuring that the msg_reverse() function never > returns a cloned buffer, and that the returned buffer always contains > sufficient valid head and tail room to be forwarded. > > Reported-by: Erik Hugne <erik.hugne@...il.com> > Acked-by: Ying Xue <ying.xue@...driver.com> > Signed-off-by: Jon Maloy <jon.maloy@...csson.com> Applied.
Powered by blists - more mailing lists