Hi Everyone, Currently in tcp_rcv(), it seems that both unencrypted and encrypted packets can be processed even when key/master_key is set.
After the key is set, which means all packets going out will be encrypted, to respond to the unencrypted packets with encrypted packets doesn't seem normal, from my point of view. Besides, it may cause some potential security issues if the local node can still receive unencrypted packets after the key is set, such as the CVE one fixed by: fa40d9734a57 ("tipc: fix size validations for the MSG_CRYPTO type") So I'm thinking of only accepting the encrypted packets if any key is set on the local node. But I'm not sure if we have any other cases needing it to accept both kinds of packets, anyone know? Tuong? Thanks. _______________________________________________ tipc-discussion mailing list tipc-discussion@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tipc-discussion