Date:	Mon, 12 Oct 2009 16:29:53 -0700
From:	"Templin, Fred L" <Fred.L.Templin@...ing.com>
To:	Greg KH <greg@...ah.com>, David Miller <davem@...emloft.net>
CC:	"contact@...chahlusiak.de" <contact@...chahlusiak.de>,
	"yoshfuji@...ux-ipv6.org" <yoshfuji@...ux-ipv6.org>,
	"gregkh@...e.de" <gregkh@...e.de>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"stable@...nel.org" <stable@...nel.org>,
	"akpm@...ux-foundation.org" <akpm@...ux-foundation.org>,
	"torvalds@...ux-foundation.org" <torvalds@...ux-foundation.org>,
	"stable-review@...nel.org" <stable-review@...nel.org>,
	"alan@...rguk.ukuu.org.uk" <alan@...rguk.ukuu.org.uk>
Subject: RE: [stable] [patch 37/37] sit: fix off-by-one in ipip6_tunnel_get_prl

Greg,

> -----Original Message-----
> From: Greg KH [mailto:greg@...ah.com]
> Sent: Monday, October 12, 2009 3:05 PM
> To: David Miller
> Cc: Templin, Fred L; contact@...chahlusiak.de; yoshfuji@...ux-ipv6.org; gregkh@...e.de;
> linux-kernel@...r.kernel.org; stable@...nel.org; akpm@...ux-foundation.org; torvalds@...ux-foundation.org;
> stable-review@...nel.org; alan@...rguk.ukuu.org.uk
> Subject: Re: [stable] [patch 37/37] sit: fix off-by-one in ipip6_tunnel_get_prl
> 
> On Fri, Oct 09, 2009 at 08:42:31PM -0700, David Miller wrote:
> > From: "Templin, Fred L" <Fred.L.Templin@...ing.com>
> > Date: Fri, 9 Oct 2009 17:34:49 -0700
> >
> > > Wait a moment - I remember now that this code came
> > > from Yoshifuji, and I believe there was a reason for
> > > the cmax+1. The application is expected to know this
> > > and to post a large enough buffer.
> > >
> > > Can we put this on hold until I have had a chance to
> > > check my e-mail archives and my local iproute changes
> > > (will respond on monday)?
> >
> > Sure, we can keep it out of -stable for now.
> >
> > But it is in Linus's tree so if you find we shouldn't do this
> > you'll need to send me a revert for net-2.6
> >
> > Otherwise if it's good, you'll have to remind me to resubmit
> > it to -stable.
> 
> Ah crap, I just committed it.
> 
> Is it really broken?  If so, I'll go revert it and cut a new release.
> 
> Sorry about this.

As I just mentioned to David, I tested and the patch is
good. To test, I allocated a buffer in the application
that was too small to hold the entire PRL. Without the
patch, the system crashes. With the patch, the kernel
returns the maximum number of PRL entries without
crashing and without overrunning the application's buffer.

Please apply the patch if you have not already done so.

Fred
fred.l.templin@...ing.com

> greg k-h
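
The behaviour reported in the message above (a caller buffer too small for the whole PRL gets filled up to its capacity and nothing past it is written) can be modelled in userland. This is an added example, not part of the original message and not the kernel's code; `prl_entry`, `prl_node`, `prl_copy_bounded` and `prl_demo` are hypothetical names, and the addresses are constructed sample values.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-ins for a PRL entry and its list node (assumption). */
struct prl_entry { uint32_t addr; uint32_t flags; };
struct prl_node  { struct prl_entry e; struct prl_node *next; };

/* Copy at most cmax entries from the list into out[]. The bound is tested
 * before every store, so a list longer than the buffer is truncated.
 * Testing "c > cmax" here instead would allow cmax + 1 stores, which is
 * an off-by-one write past a buffer sized for cmax entries. */
size_t prl_copy_bounded(const struct prl_node *head,
                        struct prl_entry *out, size_t cmax)
{
    size_t c = 0;
    for (const struct prl_node *n = head; n != NULL; n = n->next) {
        if (c >= cmax)
            break;
        out[c++] = n->e;
    }
    return c;
}

/* Constructed test: a 5-entry list copied into a buffer the caller declares
 * as holding cmax entries (cmax <= 5). Every slot beyond the returned count
 * is a guard and must still hold the 0xA5 fill pattern.
 * Returns the number of entries copied, or -1 if a guard slot was touched. */
int prl_demo(size_t cmax)
{
    struct prl_node nodes[5];
    struct prl_entry buf[6];

    for (int i = 0; i < 5; i++) {
        nodes[i].e.addr = 0x0a000001u + (uint32_t)i;  /* constructed values */
        nodes[i].e.flags = 0;
        nodes[i].next = (i < 4) ? &nodes[i + 1] : NULL;
    }
    memset(buf, 0xA5, sizeof(buf));
    size_t got = prl_copy_bounded(nodes, buf, cmax);
    for (size_t i = got; i < 6; i++)
        if (buf[i].addr != 0xA5A5A5A5u || buf[i].flags != 0xA5A5A5A5u)
            return -1;
    return (int)got;
}

int main(void) { return prl_demo(3) == 3 ? 0 : 1; }
```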