[PATCH v2 00/19] Security, logging and reliability fixes
Ian Jackson
ijackson at chiark.greenend.org.uk
Thu Jun 21 04:22:40 BST 2012
Important fixes, posted already (commit message for the log truncation
lockup fix has more justification now):
01/19 SECURITY: actually reject messages with improper lengths
02/19 Makefile: honour EXTRA_CFLAGS, etc.
03/19 log: Eliminate potential out-of-control recursion
04/19 log: Print truncated messages
05/19 messages: add some missing newlines
One new bugfix:
06/19 site: transport peers: fix incorrect stride when debug output enabled
Previously posted improvements:
07/19 netlink: report why a packet is bad
08/19 netlink: abolish check_config and output_config
If no-one objects, I intend to push the changes up to here to master
some time soon.
The remaining patches are new. They fix a protocol design error which
could lead to two secnets disagreeing about which key they are trying
to use. It comes in roughly two sub-series, and I have tried to break
it up into nicely reviewable pieces. These need a lot more testing; I
intend to deploy them on xenophobe and zealot and see how they do.
09/19 site: Break out separate function for decrypting msg0
10/19 site: Remove pointless check from decrypt_msg0
11/19 site, transform: Do not initiate rekey when packets too much out of
12/19 site: Deal with losing peer's MSG6 - go to RUN on MSG0 with new key
13/19 site: Deal with losing our MSG6 - retransmit MSG6 when we see MSG5
14/19 transform: add ->valid() function
15/19 site: No longer track key validity ourselves
16/19 site: Move current_transform, _key_timeout and remote_session_id in
17/19 site: Generalise deletion and timeout of keys
18/19 site: Keep old keys, and allow them to be used by peer
19/19 site: When if our MSG5s (or peer's MSG6s) get lost, preserve the ke
More information about the sgo-software-discuss
mailing list