lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <15e3bab9-f21e-9a55-a87e-e389f633f755@taghos.com.br>
Date:   Mon, 19 Sep 2016 18:16:28 -0300
From:   Douglas Caetano dos Santos <douglascs@...hos.com.br>
To:     "David S. Miller" <davem@...emloft.net>,
        Alexey Kuznetsov <kuznet@....inr.ac.ru>,
        James Morris <jmorris@...ei.org>,
        Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>,
        Patrick McHardy <kaber@...sh.net>, <netdev@...r.kernel.org>
Subject: [PATCH] tcp: fix wrong checksum calculation on MTU probing

With TCP MTU probing enabled and offload TX checksumming disabled,
tcp_mtu_probe() calculated the wrong checksum when a fragment being copied
into the probe's SKB had an odd length. This was caused by the direct use
of skb_copy_and_csum_bits() to calculate the checksum, as it pads the
fragment being copied, if needed. When this fragment was not the last, a
subsequent call used the previous checksum without considering this
padding.

The effect was a stale connection in one way, as even retransmissions
wouldn't solve the problem, because the checksum was never recalculated for
the full SKB length.

Signed-off-by: Douglas Caetano dos Santos <douglascs@...hos.com.br>
---
  net/ipv4/tcp_output.c | 10 ++++++----
  1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index f53d0cc..767135e 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -1968,10 +1968,12 @@ static int tcp_mtu_probe(struct sock *sk)
          copy = min_t(int, skb->len, probe_size - len);
          if (nskb->ip_summed)
              skb_copy_bits(skb, 0, skb_put(nskb, copy), copy);
-        else
-            nskb->csum = skb_copy_and_csum_bits(skb, 0,
-                                skb_put(nskb, copy),
-                                copy, nskb->csum);
+        else {
+            __wsum csum = skb_copy_and_csum_bits(skb, 0,
+                                 skb_put(nskb, copy),
+                                 copy, 0);
+            nskb->csum = csum_block_add(nskb->csum, csum, len);
+        }

          if (skb->len <= copy) {
              /* We've eaten all the data from this skb.
-- 
2.5.0


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ