Suggestions for patch

2005-03-04 Thread Folkert van Heusden
Hi,

I have a suggestion for the openbsd net security patch.
In the function static int tcp_v4_get_port(struct sock *sk, unsigned short snum)
there's the code that says:
rover = tcp_port_rover;
(line 224 on the version of tcp_ipv4.c patched with your patch for rc2 of
2.6.11)
I would like to suggest to change it to:
get_random_bytes(&rover, sizeof(rover));
no checks around it: that's already been taken care of in the original
code.

And for the ipv6 code:
diff -uNr tcp_ipv6.c.org tcp_ipv6.c
--- tcp_ipv6.c.org  2005-03-04 22:28:53.181183066 +0100
+++ tcp_ipv6.c  2005-03-04 22:32:56.425994913 +0100
@@ -138,8 +138,8 @@
int remaining = (high - low) + 1;
int rover;

+   get_random_bytes(, sizeof(rover));
spin_lock(_portalloc_lock);
-   rover = tcp_port_rover;
do {rover++;
if ((rover < low) || (rover > high))
rover = low;
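
Review bot: at the added get_random_bytes() line, rover is a plain int filled with random bytes, so its value will almost never fall between low and high (and it can be negative). The existing check in the loop, "if ((rover < low) || (rover > high)) rover = low;", then resets it to low on the first pass, so the port search would start from low nearly every time and the randomization has very little effect. Suggest reducing the random value into the range before the loop, for example by reading it into an unsigned variable and setting rover = low + (value % remaining), where remaining is already computed at the top of this hunk.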


Folkert van Heusden

Looking for an IT or Finance job? Mail me for the possibilities!
+--+
|UNIX admin? Then give MultiTail (http://vanheusden.com/multitail/)|
|a try, it brings monitoring logfiles to a different level! See|
|http://vanheusden.com/multitail/features.html for a feature list. |
+--= www.unixsoftware.nl =-+
Phone: +31-6-41278122, PGP-key: 1F28D8AE
Get your PGP/GPG key signed at www.biglumber.com!

