lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sun, 28 Aug 2011 15:34:19 +0300
From:	Stratos Psomadakis <psomas@...too.org>
To:	Greg KH <gregkh@...e.de>
CC:	linux-kernel@...r.kernel.org, stable@...nel.org,
	stable-review@...nel.org, torvalds@...ux-foundation.org,
	akpm@...ux-foundation.org, alan@...rguk.ukuu.org.uk
Subject: Re: [00/19] 2.6.32.46-longterm review

On 08/27/2011 01:01 AM, Greg KH wrote:
> This is the start of the longterm review cycle for the 2.6.32.46 release.
> There are 19 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let us know.  If anyone is a maintainer of the proper subsystem, and
> wants to add a Signed-off-by: line to the patch, please respond with it.
>
> Responses should be made by Monday, August 29, 2011, 12:00:00 UTC.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> 	kernel.org/pub/linux/kernel/v2.6/longterm-review/patch-2.6.32.46-rc1.gz
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
Hi,

upstream commit d5aa407f59f5b83d2c50ec88f5bf56d40f1f8978 ("tunnels: fix
netns vs proto registration ordering") , which was included in
2.6.32.44-longterm, was not backported correctly, and results in a NULL
pointer dereference in ip6_tunnel.c for longterm kernels 2.6.32.44 and
2.6.32.45.

The bug has been reported at the Gentoo [1] and Debian [2] bugzillas,
and fixed in the latest grsec-patches [3], but I haven't found a report
for this at the lkml (or at the kernel's bugzilla).

The fix is trivial, and I think it can be included in 2.6.32.46, if
possible.
If you want, I can submit it with a new email to stable@...nel.org.

diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
index 7fb3e02..53e0d51 100644
--- a/net/ipv6/ip6_tunnel.c
+++ b/net/ipv6/ip6_tunnel.c
@@ -1466,7 +1466,7 @@ static int __init ip6_tunnel_init(void)
 {
        int  err;
 
-       err = register_pernet_device(&ip6_tnl_net_ops);
+       err = register_pernet_gen_device(&ip6_tnl_net_id, &ip6_tnl_net_ops);
        if (err < 0)
                goto out_pernet;

Btw, this has been fixed in grsec-patches, and an identical patch has
also been posted at the Debian bugzilla, so I'm not sure about the
Signed-off-by and Reported-by tags.

[1] https://bugs.gentoo.org/show_bug.cgi?id=380609
[2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633738
[3] http://grsecurity.net/changelog-stable.txt

-- 
Stratos Psomadakis
<psomas@...too.org>

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ