lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20210108080046.014d6924@hermes.local>
Date:   Fri, 8 Jan 2021 08:00:46 -0800
From:   Stephen Hemminger <stephen@...workplumber.org>
To:     netdev@...r.kernel.org
Subject: Fw: [Bug 211085] New: No response from TCP connection in ESTALISHED
 state if sending data segment with unacceptable ACK

This looks like a case where some conformance test is testing a corner case in
the standard where the Linux TCP stack is not following the standard for valid reasons.
Linux behavior of silently dropping the packet would reduce DoS changes and information
leakage for MiTM attacks.

Begin forwarded message:

Date: Fri, 08 Jan 2021 08:17:40 +0000
From: bugzilla-daemon@...zilla.kernel.org
To: stephen@...workplumber.org
Subject: [Bug 211085] New: No response from TCP connection in ESTALISHED state if sending data segment with unacceptable ACK


https://bugzilla.kernel.org/show_bug.cgi?id=211085

            Bug ID: 211085
           Summary: No response from TCP connection in ESTALISHED state if
                    sending data segment with unacceptable ACK
           Product: Networking
           Version: 2.5
    Kernel Version: 5.4.24 and upstream
          Hardware: All
                OS: Linux
              Tree: Mainline
            Status: NEW
          Severity: normal
          Priority: P1
         Component: IPV4
          Assignee: stephen@...workplumber.org
          Reporter: alex.thresher@...glemail.com
        Regression: No

We're currently failing to pass the TCP_UNACCEPTABLE_04 test from TCP/IP tests
of TC8 ECU and Network Test specification (Open Alliance). The Test
specification is freely available on the Internet.
TCP_UNACCEPTABLE_04 validates the behavior of RFC793 'Chapter 3.4. 
Establishing a connection / Reset Generation (3)' (Page 36) and 'Chapter 9 -
Event Processing / SEGMENT ARRIVES / Otherwise / Check ACK field' (Page 71) 
which pointed out that sending an unacceptable ACK in ESTALISHED state for
example ACK acks a data segment not yet sent should be answered with an ACK
(from RFC793 - '...must elicit only an empty acknowledgment segment containing 
the current send-sequence number and an acknowledgment indicating the next
sequence number expected to be received...'). After that the segment needs to
be discarded. 
Unfortunately the segment is only discarded and not confirmed by ACK. I did
some research in the TCP/IP stack and found the code which is responsible for
discarding the ACK. 
It's in 'net/ipv4/tcp_input.c' in function tcp_ack currently on line 3727 of
upstream kernel.

>>/* If the ack includes data we haven't sent yet, discard
>> * this segment (RFC793 Section 3.9).
>> */
>>if (after(ack, tp->snd_nxt))
>>        return -1;  

Validation was done on DUT target with Kernel 5.4.24.

Let me if you need further informations.

-- 
You may reply to this email to add a comment.

You are receiving this mail because:
You are the assignee for the bug.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ