lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Sat, 19 May 2018 17:00:50 -0400 (EDT)
From:   David Miller <davem@...emloft.net>
To:     dbanerje@...mai.com
Cc:     netdev@...r.kernel.org, kuznet@....inr.ac.ru,
        yoshfuji@...ux-ipv6.org
Subject: Re: [PATCH RFC net-next 1/1] tcp: close socket without reset on
 incoming data

From: Debabrata Banerjee <dbanerje@...mai.com>
Date: Fri, 18 May 2018 15:01:41 -0400

> When TCP_CLOSE_NORST is set before a close(), offload sinking of
> unwanted data to the kernel with low resource usage, with a timeout of
> TCP_LINGER2. The socket will transition to FIN_WAIT1 and then FIN_WAIT2
> where it will ack data until either the timeout is hit, or a RST or FIN
> is received.
> 
> Signed-off-by: Debabrata Banerjee <dbanerje@...mai.com>

This is a very serious protocol violation.

You're telling the remote end that you received the data even though
the socket was closed and nothing actually "sunk" the bytes.

This doesn't even go into the issues of sending cumulative ACKs in
response to data which is arbitrarily out-of-order.

The whole problem is that the post data is sent before the client
looks to see if the server is willing to accept the post data or not.

A: I'd like to send you 200MB of crap
   [ 200MB of craaaa...
B: Sorry I won't be accepting that, please don't send it.

   CLOSE, send reset since some of crap is queued up and
   was never read

A: aaaaapp... received RESET
A: Why didn't B accept my 200MB of crap?

Sorry, you'll need to deal with this issue in another way.

Thanks.

Powered by blists - more mailing lists