Date:   Fri, 15 Jun 2018 15:32:19 +0000
From:   "van der Linden, Frank" <fllinden@...zon.com>
To:     David Miller <davem@...emloft.net>
CC:     "edumazet@...gle.com" <edumazet@...gle.com>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>
Subject: Re: [PATCH v3] tcp: verify the checksum of the first data segment in
 a new connection

On 6/14/18 5:05 PM, David Miller wrote:
> From: Frank van der Linden <fllinden@...zon.com>
> Date: Tue, 12 Jun 2018 23:09:37 +0000
>
>> commit 079096f103fa ("tcp/dccp: install syn_recv requests into ehash
>> table") introduced an optimization for the handling of child sockets
>> created for a new TCP connection.
>>
>> But this optimization passes any data associated with the last ACK of the
>> connection handshake up the stack without verifying its checksum, because it
>> calls tcp_child_process(), which in turn calls tcp_rcv_state_process()
>> directly.  These lower-level processing functions do not do any checksum
>> verification.
>>
>> Insert a tcp_checksum_complete call in the TCP_NEW_SYN_RECEIVE path to
>> fix this.
>>
>> Signed-off-by: Frank van der Linden <fllinden@...zon.com>
> Applied and queued up for -stable.
>
> I know you mention the bug causing commit in your commit message,
> but you should also still provide a proper Fixes: tag.  I took
> care of it for you this time.
Thanks Dave, and thanks for reminding me of the Fixes: tag. Will add it
next time.

- Frank
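
A user-space model of the check the commit message above describes, added here as an illustration and not taken from the patch or the kernel source: the final handshake ACK may carry data, so its TCP checksum has to be verified before that data is passed up. The names `tcp_segment_csum`, `deliver_handshake_ack` and `demo`, the `verify` switch and the sample addresses and payload are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* RFC 1071 one's-complement sum of big-endian 16-bit words. */
static uint32_t csum_add(uint32_t sum, const uint8_t *p, size_t len)
{
    for (; len > 1; p += 2, len -= 2)
        sum += ((uint32_t)p[0] << 8) | p[1];
    if (len)
        sum += (uint32_t)p[0] << 8;      /* odd trailing byte, zero padded */
    return sum;
}

/* Checksum over IPv4 pseudo-header (src, dst, zero, protocol 6, TCP length)
 * plus the TCP segment; 0 means the segment arrived intact. */
uint16_t tcp_segment_csum(const uint8_t *saddr, const uint8_t *daddr,
                          const uint8_t *seg, size_t len)
{
    uint8_t ph[12] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 6, (uint8_t)(len >> 8), (uint8_t)len};
    memcpy(ph, saddr, 4);
    memcpy(ph + 4, daddr, 4);
    uint32_t sum = csum_add(csum_add(0, ph, sizeof ph), seg, len);
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Hypothetical model of the child path: bytes passed up, or -1 if dropped. */
int deliver_handshake_ack(const uint8_t *saddr, const uint8_t *daddr,
                          const uint8_t *seg, size_t len, int verify)
{
    if (verify && tcp_segment_csum(saddr, daddr, seg, len) != 0)
        return -1;
    return (int)(len - 20);              /* sample header has no options */
}

/* Constructed sample: final handshake ACK carrying 5 data bytes. */
int demo(int verify, int corrupt)
{
    static const uint8_t src[4] = {192, 0, 2, 1}, dst[4] = {192, 0, 2, 2};
    uint8_t seg[25] = {0xc0, 0, 0, 80, [12] = 0x50, [13] = 0x10}; /* ACK, no options */
    memcpy(seg + 20, "hello", 5);
    uint16_t c = tcp_segment_csum(src, dst, seg, sizeof seg);
    seg[16] = (uint8_t)(c >> 8);         /* fill in the checksum field */
    seg[17] = (uint8_t)c;
    if (corrupt)
        seg[22] ^= 0x01;                 /* single bit flipped in transit */
    return deliver_handshake_ack(src, dst, seg, sizeof seg, verify);
}
```

With `verify` set to 0 the corrupted segment's 5 bytes are still delivered, which models the unverified path the commit message describes; with `verify` set to 1 the same segment is dropped.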
