lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <aPi4b6aWBbBR52P1@stanley.mountain>
Date: Wed, 22 Oct 2025 13:56:47 +0300
From: Dan Carpenter <dan.carpenter@...aro.org>
To: Eric Biggers <ebiggers@...nel.org>
Cc: netdev@...r.kernel.org
Subject: [bug report] tcp: Convert tcp-md5 to use MD5 library instead of
 crypto_ahash

Hello Eric Biggers,

Commit 37a183d3b7cd ("tcp: Convert tcp-md5 to use MD5 library instead
of crypto_ahash") from Oct 14, 2025 (linux-next), leads to the
following Smatch static checker warning:

	net/ipv4/tcp.c:4911 tcp_inbound_md5_hash()
	error: we previously assumed 'key' could be null (see line 4900)

net/ipv4/tcp.c
  4884  tcp_inbound_md5_hash(const struct sock *sk, const struct sk_buff *skb,
  4885                       const void *saddr, const void *daddr,
  4886                       int family, int l3index, const __u8 *hash_location)
  4887  {
  4888          /* This gets called for each TCP segment that has TCP-MD5 option.
  4889           * We have 3 drop cases:
  4890           * o No MD5 hash and one expected.
  4891           * o MD5 hash and we're not expecting one.
  4892           * o MD5 hash and its wrong.
  4893           */
  4894          const struct tcp_sock *tp = tcp_sk(sk);
  4895          struct tcp_md5sig_key *key;
  4896          u8 newhash[16];
  4897  
  4898          key = tcp_md5_do_lookup(sk, l3index, saddr, family);
  4899  
  4900          if (!key && hash_location) {

If key is NULL and hash_location is zero

  4901                  NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED);
  4902                  trace_tcp_hash_md5_unexpected(sk, skb);
  4903                  return SKB_DROP_REASON_TCP_MD5UNEXPECTED;
  4904          }
  4905  
  4906          /* Check the signature.
  4907           * To support dual stack listeners, we need to handle
  4908           * IPv4-mapped case.
  4909           */
  4910          if (family == AF_INET)
  4911                  tcp_v4_md5_hash_skb(newhash, key, NULL, skb);
  4912          else
  4913                  tp->af_specific->calc_md5_hash(newhash, key, NULL, skb);

then we are toasted one way or the other.

  4914          if (memcmp(hash_location, newhash, 16) != 0) {
  4915                  NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5FAILURE);
  4916                  trace_tcp_hash_md5_mismatch(sk, skb);
  4917                  return SKB_DROP_REASON_TCP_MD5FAILURE;
  4918          }
  4919          return SKB_NOT_DROPPED_YET;
  4920  }

regards,
dan carpenter

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ