lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 31 Jul 2020 09:02:04 +0200 From: Steffen Klassert <steffen.klassert@...unet.com> To: Sabrina Dubroca <sd@...asysnail.net> CC: <netdev@...r.kernel.org>, <cagney@...reswan.org> Subject: Re: [PATCH ipsec 1/2] espintcp: handle short messages instead of breaking the encap socket On Wed, Jul 29, 2020 at 06:38:42PM +0200, Sabrina Dubroca wrote: > Currently, short messages (less than 4 bytes after the length header) > will break the stream of messages. This is unnecessary, since we can > still parse messages even if they're too short to contain any usable > data. This is also bogus, as keepalive messages (a single 0xff byte), > though not needed with TCP encapsulation, should be allowed. > > This patch changes the stream parser so that short messages are > accepted and dropped in the kernel. Messages that contain a valid SPI > or non-ESP header are processed as before. > > Fixes: e27cca96cd68 ("xfrm: add espintcp (RFC 8229)") > Reported-by: Andrew Cagney <cagney@...reswan.org> > Signed-off-by: Sabrina Dubroca <sd@...asysnail.net> Applied, thanks!
Powered by blists - more mailing lists