| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CANn89iJvtuT4q-djaCzoGJTY68vE8wT+LVDkYGm=8_XzC9gchg@mail.gmail.com>
Date: Thu, 1 Apr 2021 18:04:05 +0200
From: Eric Dumazet <edumazet@...gle.com>
To: Otto Hollmann <otto.hollmann@...e.com>
Cc: "David S. Miller" <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>,
netdev <netdev@...r.kernel.org>,
LKML <linux-kernel@...r.kernel.org>,
Jonathan Corbet <corbet@....net>,
David Ahern <dsahern@...nel.org>,
Michal Kubecek <mkubecek@...e.cz>
Subject: Re: [PATCH net-next] net: document a side effect of ip_local_reserved_ports
On Thu, Apr 1, 2021 at 5:58 PM Otto Hollmann <otto.hollmann@...e.com> wrote:
>
> If there is overlapp between ip_local_port_range and ip_local_reserved_ports with a huge reserved block, it will affect probability of selecting ephemeral ports, see file net/ipv4/inet_hashtables.c:723
>
> int __inet_hash_connect(
> ...
> for (i = 0; i < remaining; i += 2, port += 2) {
> if (unlikely(port >= high))
> port -= remaining;
> if (inet_is_local_reserved_port(net, port))
> continue;
>
> E.g. if there is reserved block of 10000 ports, two ports right after this block will be 5000 more likely selected than others.
> If this was intended, we can/should add note into documentation as proposed in this commit, otherwise we should think about different solution. One option could be mapping table of continuous port ranges. Second option could be letting user to modify step (port+=2) in above loop, e.g. using new sysctl parameter.
>
> Signed-off-by: Otto Hollmann <otto.hollmann@...e.com>
I think we can view this as a security bug that needs a fix.
Powered by blists - more mailing lists