lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20240111194917.4044654-1-edumazet@google.com>
Date: Thu, 11 Jan 2024 19:49:12 +0000
From: Eric Dumazet <edumazet@...gle.com>
To: "David S . Miller" <davem@...emloft.net>, Jakub Kicinski <kuba@...nel.org>, 
	Paolo Abeni <pabeni@...hat.com>
Cc: Matthieu Baerts <matttbe@...nel.org>, Mat Martineau <martineau@...nel.org>, 
	Geliang Tang <geliang.tang@...ux.dev>, Florian Westphal <fw@...len.de>, netdev@...r.kernel.org, 
	eric.dumazet@...il.com, Eric Dumazet <edumazet@...gle.com>
Subject: [PATCH net 0/5] mptcp: better validation of MPTCPOPT_MP_JOIN option

Based on a syzbot report (see 4th patch in the series).

We need to be more explicit about which one of the
following flag is set by mptcp_parse_option():

- OPTION_MPTCP_MPJ_SYN
- OPTION_MPTCP_MPJ_SYNACK
- OPTION_MPTCP_MPJ_ACK

Then select the appropriate values instead of OPTIONS_MPTCP_MPJ

Paolo suggested to do the same for OPTIONS_MPTCP_MPC (5th patch)

Eric Dumazet (5):
  mptcp: mptcp_parse_option() fix for MPTCPOPT_MP_JOIN
  mptcp: strict validation before using mp_opt->hmac
  mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect()
  mptcp: use OPTION_MPTCP_MPJ_SYN in subflow_check_req()
  mptcp: refine opt_mp_capable determination

 net/mptcp/options.c |  6 +++---
 net/mptcp/subflow.c | 16 ++++++++--------
 2 files changed, 11 insertions(+), 11 deletions(-)

-- 
2.43.0.275.g3460e3d667-goog


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ