lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 17 Jun 2019 10:03:50 -0700 From: Eric Dumazet <edumazet@...gle.com> To: "David S . Miller" <davem@...emloft.net> Cc: netdev <netdev@...r.kernel.org>, Eric Dumazet <edumazet@...gle.com>, Eric Dumazet <eric.dumazet@...il.com>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>, Jonathan Looney <jtl@...flix.com>, Neal Cardwell <ncardwell@...gle.com>, Tyler Hicks <tyhicks@...onical.com>, Yuchung Cheng <ycheng@...gle.com>, Bruce Curtis <brucec@...flix.com>, Jonathan Lemon <jonathan.lemon@...il.com> Subject: [PATCH net 0/4] tcp: make sack processing more robust Jonathan Looney brought to our attention multiple problems in TCP stack at the sender side. SACK processing can be abused by malicious peers to either cause overflows, or increase of memory usage. First two patches fix the immediate problems. Since the malicious peers abuse senders by advertizing a very small MSS in their SYN or SYNACK packet, the last two patches add a new sysctl so that admins can chose a higher limit for MSS clamping. Eric Dumazet (4): tcp: limit payload size of sacked skbs tcp: tcp_fragment() should apply sane memory limits tcp: add tcp_min_snd_mss sysctl tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() Documentation/networking/ip-sysctl.txt | 8 ++++++++ include/linux/tcp.h | 4 ++++ include/net/netns/ipv4.h | 1 + include/net/tcp.h | 2 ++ include/uapi/linux/snmp.h | 1 + net/ipv4/proc.c | 1 + net/ipv4/sysctl_net_ipv4.c | 11 +++++++++++ net/ipv4/tcp.c | 1 + net/ipv4/tcp_input.c | 26 ++++++++++++++++++++------ net/ipv4/tcp_ipv4.c | 1 + net/ipv4/tcp_output.c | 10 +++++++--- net/ipv4/tcp_timer.c | 1 + 12 files changed, 58 insertions(+), 9 deletions(-) -- 2.22.0.410.gd8fdbe21b5-goog
Powered by blists - more mailing lists