[PATCH v2 00/19] Security, logging and reliability fixes

Ian Jackson ijackson at chiark.greenend.org.uk
Thu Jun 21 04:22:40 BST 2012

Important fixes, posted already (commit message for the log truncation
lockup fix has more justification now):

 01/19 SECURITY: actually reject messages with improper lengths
 02/19 Makefile: honour EXTRA_CFLAGS, etc.
 03/19 log: Eliminate potential out-of-control recursion
 04/19 log: Print truncated messages
 05/19 messages: add some missing newlines

One new bugfix:

 06/19 site: transport peers: fix incorrect stride when debug output enabled

Previously posted improvements:

 07/19 netlink: report why a packet is bad
 08/19 netlink: abolish check_config and output_config

If no-one objects, I intend to push the changes up to here to master
some time soon.

The remaining patches are new.  They fix a protocol design error which
could lead to two secnets disagreeing about which key they are trying
to use.  It comes in roughly two sub-series, and I have tried to break
it up into nicely reviewable pieces.  These need a lot more testing; I
intend to deploy them on xenophobe and zealot and see how they do.

 09/19 site: Break out separate function for decrypting msg0
 10/19 site: Remove pointless check from decrypt_msg0
 11/19 site, transform: Do not initiate rekey when packets too much out of
 12/19 site: Deal with losing peer's MSG6 - go to RUN on MSG0 with new key
 13/19 site: Deal with losing our MSG6 - retransmit MSG6 when we see MSG5 

 14/19 transform: add ->valid() function
 15/19 site: No longer track key validity ourselves
 16/19 site: Move current_transform, _key_timeout and remote_session_id in
 17/19 site: Generalise deletion and timeout of keys
 18/19 site: Keep old keys, and allow them to be used by peer
 19/19 site: When if our MSG5s (or peer's MSG6s) get lost, preserve the ke

More information about the sgo-software-discuss mailing list