MFC r337775:

Description

MFC r337775:

Improve hashing of IPv4 fragments.

Currently, IPv4 fragments are hashed into buckets based on a 32-bit
key which is calculated by (src_ip ^ ip_id) and combined with a random
seed. However, because an attacker can control the values of src_ip
and ip_id, it is possible to construct an attack which causes very
deep chains to form in a given bucket.

To ensure more uniform distribution (and lower predictability for
an attacker), calculate the hash based on a key which includes all
the fields we use to identify a reassembly queue (dst_ip, src_ip,
ip_id, and the ip protocol) as well as a random seed.

Security: FreeBSD-SA-18:10.ip
Security: CVE-2018-6923
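
Added example, not part of the commit or of FreeBSD's source: a small C simulation of the two keying schemes the message describes. It shows that distinct queues sharing one `src_ip ^ ip_id` value fall into a single bucket under the old key whatever the seed is, while the full-tuple key spreads them. The mixer, bucket count, addresses, protocol number and seed are assumptions made for the demo.

```c
#include <stdint.h>
#include <stdio.h>

#define NBUCKETS 64u  /* assumed table size for this demo */

/* Stand-in seeded mixer (assumption), NOT the kernel's hash function. */
static uint32_t mix(const uint32_t *w, unsigned n, uint32_t seed)
{
    uint32_t h = seed;
    for (unsigned i = 0; i < n; i++) {
        h = (h ^ w[i]) * 0x85EBCA6Bu;
        h ^= h >> 13;
    }
    return h ^ (h >> 16);
}

/* Old scheme: 32-bit key (src_ip ^ ip_id) combined with the seed. */
static uint32_t bucket_old(uint32_t src, uint16_t id, uint32_t seed)
{
    uint32_t key = src ^ id;
    return mix(&key, 1, seed) % NBUCKETS;
}

/* New scheme: key covers dst_ip, src_ip, ip_id and protocol, plus seed. */
static uint32_t bucket_new(uint32_t dst, uint32_t src, uint16_t id, uint8_t proto, uint32_t seed)
{
    uint32_t key[3] = { dst, src, ((uint32_t)proto << 16) | id };
    return mix(key, 3, seed) % NBUCKETS;
}

/* Deepest chain for n distinct queues whose src_ip ^ ip_id is constant. */
static unsigned max_chain(int use_new, unsigned n, uint32_t seed)
{
    unsigned depth[NBUCKETS] = { 0 }, worst = 0;
    const uint32_t dst = 0xC0000201u;  /* 192.0.2.1, constructed */
    const uint32_t x = 0xC6336400u;    /* constructed src_ip ^ ip_id value */
    for (unsigned i = 0; i < n; i++) {
        uint16_t id = (uint16_t)i;     /* distinct ip_id per queue */
        uint32_t src = x ^ id;         /* keeps src ^ id equal to x */
        uint32_t b = use_new ? bucket_new(dst, src, id, 17, seed)
                             : bucket_old(src, id, seed);
        if (++depth[b] > worst) worst = depth[b];
    }
    return worst;
}

int main(void)
{
    uint32_t seed = 0x5EED1234u;       /* constructed seed */
    printf("old: %u  new: %u\n", max_chain(0, 1024, seed), max_chain(1, 1024, seed));
}
```

The old-scheme depth equals the number of queues for every seed, because the seed is applied only after the distinguishing fields have been folded into one value.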

Details

Provenance
jtl Authored on
Parents
rS337788: Update the inet(4) and inet6(4) man pages to reflect the changes made