lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <91657d20-3a3e-495a-a725-6724ecf6ac65@randorisec.fr>
Date: Thu, 13 Mar 2025 18:18:29 +0100
From: Arthur Mongodin <amongodin@...dorisec.fr>
To: Matthieu Baerts <matttbe@...nel.org>, netdev@...r.kernel.org
Cc: martineau@...nel.org, geliang@...nel.org, davem@...emloft.net,
 edumazet@...gle.com, kuba@...nel.org, Paolo Abeni <pabeni@...hat.com>,
 horms@...nel.org, mptcp@...ts.linux.dev, hanguelkov@...dorisec.fr,
 Davy Douhine <davy@...dorisec.fr>
Subject: Re: [PATCH net] mptcp: Fix data stream corruption in the address
 announcement

Hi Matthieu,

On 3/13/25 18:10, Matthieu Baerts wrote:
> On 13/03/2025 17:26, Arthur Mongodin wrote:
>> The DSS and ADD_ADDR options should be exclusive and not send together.
>> The call to the mptcp_pm_add_addr_signal() function in the
>> mptcp_established_options_add_addr() function could modify opts->addr, thus also opts->ext_copy as they belong to distinguish entries of the same union field in mptcp_out_options. If the DSS option should not be dropped, the check if the DSS option has been previously established and thus if we should not establish the ADD_ADDR option is done after opts->addr (thus opts->ext_copy) has been modified.
> 
> It looks like you forgot to wrap this long line. I guess checkpatch.pl
> should have complained. (Tip: 'b4' is a good handy tool to send patches)

Sorry, I did a last minute change and I forgot to rerun
checkpatch.pl.

> Also, it is a bit difficult to understand this line. If that's OK, I can
> update this when applying this patch to our MPTCP tree first. I will
> send it back to netdev later on.

It's OK with me.

Regards,

Arthur Mongodin
Security researcher at Randorisec

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ