lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20161019131636.zhusbqh63qlbq5vy@dwarf.suse.cz> Date: Wed, 19 Oct 2016 15:16:36 +0200 From: Jiri Bohac <jbohac@...e.cz> To: David Miller <davem@...emloft.net> Cc: julia.lawall@...6.fr, kuznet@....inr.ac.ru, jmorris@...ei.org, yoshfuji@...ux-ipv6.org, kaber@...sh.net, netdev@...r.kernel.org, kbuild-all@...org Subject: Re: [PATCH] ipv6: fix signedness of tmp_prefered_lft underflow check Hi, On Tue, Oct 18, 2016 at 02:25:25PM -0400, David Miller wrote: > Does the check make any sense at all? I'd say just remove it. The purpose was to guard against the user updating the temp_prefered_lft sysctl after this: max_desync_factor = min_t(__u32, idev->cnf.max_desync_factor, idev->cnf.temp_prefered_lft - regen_advance); but before this: tmp_prefered_lft = idev->cnf.temp_prefered_lft + age - idev->desync_factor; With enough bad luck, tmp_prefered_lft could underflow and the resulting preferred lifetime could be almost infinity. On the other hand, with this check, this situation will result with the temporary address not being created at all, which might be even worse. So if you prefer it, just drop the check. Patch in a follow-up e-mail. Thanks, -- Jiri Bohac <jbohac@...e.cz> SUSE Labs, SUSE CZ
Powered by blists - more mailing lists