Re: Bug#299875: ppp: out-of-memory 30min after LCP terminated by peer

2005-03-22 Thread Horms
CAN-2005-0384 is fixed in kernel-source-2.6.8 2.6.8-15
and will be fixed in kernel-source-2.4.27 2.6.8-9

-- 
Horms


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



Bug#299875: ppp: out-of-memory 30min after LCP terminated by peer

2005-03-20 Thread Christian Kujau
hi again,

sorry for the delay, but the bug triggers only when the remote peer
disconnects me - and it does it only once a day.

Marco d'Itri wrote:
> reassign 299875 kernel
> retitle 299875 CAN-2005-0384: Remote Linux DoS on ppp servers
> tag 299875 patch security

yes, it really looks like a pppd DoS, but as i suspected, things are a
bit different here:

- pppoe receives PADT from peer
- pppd in turn gets LCP terminated by peer
- pppd tries to re-establish the connection, says Starting link in the
  logfile [1] and then just hangs.

i have to re-adjust the subject line, because OOM was triggered by
something else, *because* pppd did not succeed to re-establish the
connection. but oom is totally unrelated here (and fixed on my system).

but still: pppd hangs and is only killable via kill -9. but it is *NOT*
a cpu hog as stated by Paul Mackerras.

i've strace'd the hanging pppd:

http://nerdbynature.de/bits/sheep/2.6.11/oom/pppd_2.6.11.4.log

(the very first line is the only one i get from just doing
 strace -p `pidof pppd`, then i did killall pppd, then with -9)

to summarise: i've noticed the pppd behaviour first with 2.6.11, then with
2.6.11-rc5-bk2, now with 2.6.11.3 and 2.6.11.4. downgrading to
ppp_2.4.2+20040428-6_i386 solves it.

thank you for your time,
Christian.

PS: i'll close the issue i reported on lkml:
http://www.ussg.iu.edu/hypermail/linux/kernel/0503.2/0316.html

[1] http://nerdbynature.de/bits/sheep/2.6.11/oom/oom_2.6.11.3.txt
-- 
BOFH excuse #139:

UBNC (user brain not connected)





Bug#299875: ppp: out-of-memory 30min after LCP terminated by peer

2005-03-20 Thread Justin Pryzby
Okay.  Do I correctly understand that kernel patch + downgrade solves
your problem?

And, if you have *just* the kernel patch, /usr/sbin/pppd hangs, but
doesn't crash the system?

Thanks,
Justin





Bug#299875: ppp: out-of-memory 30min after LCP terminated by peer

2005-03-20 Thread Marco d'Itri
On Mar 20, Christian Kujau [EMAIL PROTECTED] wrote:

> - pppd tries to re-establish the connection, says Starting link in the
>   logfile [1] and then just hangs.
Weird. Maybe you hit something like #298657 and the other similar bugs.

-- 
ciao,
Marco




Re: Bug#299875: ppp: out-of-memory 30min after LCP terminated by peer

2005-03-17 Thread Marco d'Itri
reassign 299875 kernel
retitle 299875 CAN-2005-0384: Remote Linux DoS on ppp servers
tag 299875 patch security
thanks

Paul Mackerras says that this bug affects all kernels (2.4 and 2.6) and
can be easily triggered remotely, but is only a CPU DoS.

from 2.6.11.4:

diff -Nru a/drivers/net/ppp_async.c b/drivers/net/ppp_async.c
--- a/drivers/net/ppp_async.c   2005-03-15 16:09:59 -08:00
+++ b/drivers/net/ppp_async.c   2005-03-15 16:09:59 -08:00
@@ -1000,7 +1000,7 @@
data += 4;
dlen -= 4;
/* data[0] is code, data[1] is length */
-   while (dlen = 2  dlen = data[1]) {
+   while (dlen = 2  dlen = data[1]  data[1] = 2) {
switch (data[0]) {
case LCP_MRU:
val = (data[2]  8) + data[3];
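
Review bot: in the LCP_MRU case right after the changed `while` line, `data[2]` and `data[3]` are read without a check that the option's length byte `data[1]` is at least 4. The new test on `data[1]` only compares it against 2, so an option declaring a length of 2 or 3 still reaches that read. Suggest a per-case length check (use the MRU value only when `data[1]` is 4) and a one-line comment on the `while` condition saying why the bound on `data[1]` is needed, since the existing comment only says that `data[1]` is the length.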

-- 
ciao,
Marco
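
Added example, not part of the original message and not the kernel's code: a bounded walk over LCP options (type, length, payload, with the length byte counting its own two-byte header) that applies the per-option length checks the one-line fix above is about. The function name `walk_lcp_options` and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define LCP_MRU 1   /* LCP option type 1 (RFC 1661), total length 4 */

/* Hypothetical helper: walk the LCP options in buf[0..len).
 * Returns the number of well-formed options, or -1 if the list is
 * malformed. *mru is set when a well-formed MRU option is seen. */
int walk_lcp_options(const uint8_t *buf, size_t len, int *mru)
{
    int count = 0;

    while (len >= 2) {
        uint8_t type = buf[0];
        uint8_t olen = buf[1];   /* covers type + length + payload */

        /* A length below 2 cannot cover the option's own header, and a
         * zero length would never advance the walk; a length above len
         * would read past the buffer. Reject both. */
        if (olen < 2 || olen > len)
            return -1;

        switch (type) {
        case LCP_MRU:
            if (olen != 4)       /* payload must be exactly two bytes */
                return -1;
            *mru = (buf[2] << 8) | buf[3];
            break;
        default:
            break;               /* unknown option: skip by its length */
        }
        buf += olen;
        len -= olen;
        count++;
    }
    return len == 0 ? count : -1;  /* a stray trailing byte is malformed */
}

int main(void)
{
    /* Constructed samples, not captured traffic. */
    const uint8_t good[] = { 1, 4, 0x05, 0xd4, 5, 6, 1, 2, 3, 4 };
    const uint8_t zero_len[] = { 1, 0, 0x05, 0xd4 };
    int mru = 0;
    printf("%d mru=%d\n", walk_lcp_options(good, sizeof good, &mru), mru);
    printf("%d\n", walk_lcp_options(zero_len, sizeof zero_len, &mru));
    return 0;
}
```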




Processed: Re: Bug#299875: ppp: out-of-memory 30min after LCP terminated by peer

2005-03-17 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

> reassign 299875 kernel
Bug#299875: ppp: out-of-memory 30min after LCP terminated by peer
Bug reassigned from package `ppp' to `kernel'.

> retitle 299875 CAN-2005-0384: Remote Linux DoS on ppp servers
Bug#299875: ppp: out-of-memory 30min after LCP terminated by peer
Changed Bug title.

> tag 299875 patch security
Bug#299875: CAN-2005-0384: Remote Linux DoS on ppp servers
There were no tags set.
Tags added: patch, security

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)





Bug#299875: ppp: out-of-memory 30min after LCP terminated by peer

2005-03-17 Thread Christian Kujau
Justin Pryzby wrote:
> I assume that you have seen this:
>   http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.4

yes i have *now*. obviously this was a security issue (CAN-2005-0384)
and i *guess* that's why the issue was not discussed in public. what a pity
and what a waste of time in tracking this down when the security guys are
already on it and release a fix out-of-the-box.

> If not .. tag patch:)  In less than 100 lines, even!

yes, 2.6.11.4 is out including this fix. Marco d'Itri commented:

> Paul Mackerras says that this bug affects all kernels (2.4 and 2.6) and
> can be easily triggered remotely, but is only a CPU DoS.
--^

actually my problem was *not* about a CPU DoS but a (out-of)memory DoS.
cpu was spinning normally. and i was not able to tell the exact kernel
version when the problem started - instead my research led to the
assumption that the new ppp package was to blame.

well, i'm already compiling 2.6.11.4, i'll see what it gives.

thank you for your concern,
Christian.
-- 
BOFH excuse #188:

..disk or the processor is on fire.

