| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <063D6719AE5E284EB5DD2968C1650D6DB0105BBB@AcuExch.aculab.com>
Date: Wed, 21 Sep 2016 10:21:43 +0000
From: David Laight <David.Laight@...LAB.COM>
To: 'Marcelo Ricardo Leitner' <marcelo.leitner@...il.com>,
"netdev@...r.kernel.org" <netdev@...r.kernel.org>
CC: "linux-sctp@...r.kernel.org" <linux-sctp@...r.kernel.org>,
Neil Horman <nhorman@...driver.com>,
Vlad Yasevich <vyasevich@...il.com>
Subject: RE: [PATCH next 1/2] sctp: fix the handling of SACK Gap Ack blocks
From: Marcelo Ricardo Leitner
> Sent: 20 September 2016 22:19
> sctp_acked() is using 32bit arithmetics on 16bits vars, via TSN_lte()
> macros, which is weird and confusing.
>
> Once the offset to ctsn is calculated, all wrapping is already handled
> and thus to verify the Gap Ack blocks we can just use pure
> less/big-or-equal than checks.
>
> Also, rename gap variable to tsn_offset, so it's more meaningful, as
> it doesn't point to any gap at all.
>
> Even so, I don't think this discrepancy resulted in any practical bug.
I think it might if gab.start/end are greater than 32767
...
> - gap = tsn - ctsn;
> - for (i = 0; i < ntohs(sack->num_gap_ack_blocks); ++i) {
> - if (TSN_lte(ntohs(frags[i].gab.start), gap) &&
> - TSN_lte(gap, ntohs(frags[i].gab.end)))
> + blocks = ntohs(sack->num_gap_ack_blocks);
> + tsn_offset = tsn - ctsn;
> + for (i = 0; i < blocks; ++i) {
> + if (tsn_offset >= ntohs(frags[i].gab.start) &&
> + tsn_offset <= ntohs(frags[i].gab.end))
...
David
Powered by blists - more mailing lists