lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date:   Mon, 18 Jul 2022 11:01:19 -0700
From:   Stephen Hemminger <stephen@...workplumber.org>
To:     netdev@...r.kernel.org
Subject: Fw: [Bug 216259] New: Setting SO_OOBINLINE after receiving OOB data
 over TCP can cause that data to be received again



Begin forwarded message:

Date: Mon, 18 Jul 2022 17:34:38 +0000
From: bugzilla-daemon@...nel.org
To: stephen@...workplumber.org
Subject: [Bug 216259] New: Setting SO_OOBINLINE after receiving OOB data over TCP can cause that data to be received again


https://bugzilla.kernel.org/show_bug.cgi?id=216259

            Bug ID: 216259
           Summary: Setting SO_OOBINLINE after receiving OOB data over TCP
                    can cause that data to be received again
           Product: Networking
           Version: 2.5
    Kernel Version: 5.17.0
          Hardware: All
                OS: Linux
              Tree: Mainline
            Status: NEW
          Severity: normal
          Priority: P1
         Component: IPV4
          Assignee: stephen@...workplumber.org
          Reporter: zfigura@...eweavers.com
        Regression: No

Created attachment 301451
  --> https://bugzilla.kernel.org/attachment.cgi?id=301451&action=edit  
test program demonstrating the bug

I'm not sure if this is a bug—I haven't fully read specs and perhaps it's
within spec for OOBINLINE or TCP or something—but it certainly looks like one.

The attached test program demonstrates the bug, and probably more clearly than
any verbal description. It sends and receives a byte of OOB data over a
(loopback) socket pair, sets the receiving socket to SO_OOBINLINE, and then
calls recv() again (without MSG_OOB). This results in the same byte being
received again.

If on the other hand a recv() call is made before setting SO_OOBINLINE [guarded
out with if(0)], the offending call does not succeed, which heightens my
suspicion that this is a bug.

-- 
You may reply to this email to add a comment.

You are receiving this mail because:
You are the assignee for the bug.

Powered by blists - more mailing lists