| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20161125.200705.753838440776712819.davem@davemloft.net>
Date: Fri, 25 Nov 2016 20:07:05 -0500 (EST)
From: David Miller <davem@...emloft.net>
To: jon.maloy@...csson.com
Cc: netdev@...r.kernel.org, parthasarathy.bhuvaragan@...csson.com,
ying.xue@...driver.com, maloy@...jonn.com,
tipc-discussion@...ts.sourceforge.net
Subject: Re: [PATCH net 1/1] tipc: improve sanity check for received domain
records
From: Jon Maloy <jon.maloy@...csson.com>
Date: Wed, 23 Nov 2016 23:46:09 -0500
> In commit 35c55c9877f8 ("tipc: add neighbor monitoring framework") we
> added a data area to the link monitor STATE messages under the
> assumption that previous versions did not use any such data area.
>
> For versions older than Linux 4.3 this assumption is not correct. In
> those version, all STATE messages sent out from a node inadvertently
> contain a 16 byte data area containing a string; -a leftover from
> previous RESET messages which were using this during the setup phase.
> This string serves no purpose in STATE messages, and should no be there.
>
> Unfortunately, this data area is delivered to the link monitor
> framework, where a sanity check catches that it is not a correct domain
> record, and drops it. It also issues a rate limited warning about the
> event.
>
> Since such events occur much more frequently than anticipated, we now
> choose to remove the warning in order to not fill the kernel log with
> useless contents. We also make the sanity check stricter, to further
> reduce the risk that such data is inavertently admitted.
>
> Signed-off-by: Jon Maloy <jon.maloy@...csson.com>
Applied.
Powered by blists - more mailing lists