Suggestions for patch
Hi,

I have a suggestion for the OpenBSD net security patch. In the function

static int tcp_v4_get_port(struct sock *sk, unsigned short snum)

there's the code that says:

rover = tcp_port_rover;

(line 224 on the version of tcp_ipv4.c patched with your patch for rc2 of 2.6.11) I would like to suggest changing it to:

get_random_bytes(&rover, sizeof(rover));

No checks around it: that's already been taken care of in the original code.

And for the ipv6 code:

diff -uNr tcp_ipv6.c.org tcp_ipv6.c --- tcp_ipv6.c.org 2005-03-04 22:28:53.181183066 +0100 +++ tcp_ipv6.c 2005-03-04 22:32:56.425994913 +0100 @@ -138,8 +138,8 @@ int remaining = (high - low) + 1; int rover; + get_random_bytes(, sizeof(rover)); spin_lock(_portalloc_lock); - rover = tcp_port_rover; do {rover++; if ((rover < low) || (rover > high)) rover = low;

Folkert van Heusden

Looking for an IT or Finance job? Mail me for the possibilities!
UNIX admin? Then give MultiTail (http://vanheusden.com/multitail/) a try, it brings monitoring logfiles to a different level! See http://vanheusden.com/multitail/features.html for a feature list.
www.unixsoftware.nl
Phone: +31-6-41278122, PGP-key: 1F28D8AE
Get your PGP/GPG key signed at www.biglumber.com!
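Review bot: the added `get_random_bytes(, sizeof(rover));` line leaves `rover` holding an arbitrary value across the full width of an `int`, and nothing maps it into the port range. After `rover++`, the unchanged check `if ((rover < low) || (rover > high)) rover = low;` resets almost every such value to `low`, so the search would begin at the bottom of the range on nearly every call instead of at a random port. Consider reducing the random value with the `remaining` count already computed in this hunk, for example by reading the bytes into an unsigned variable `r` (a name used here only for illustration) and setting `rover = low + (r % remaining)` before the loop. The call as shown also has an empty first argument, which should be the address of `rover`.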