lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 8 Sep 2011 10:43:53 +0200 From: Sedat Dilek <sedat.dilek@...glemail.com> To: Jiri Slaby <jirislaby@...il.com> Cc: Eric Dumazet <eric.dumazet@...il.com>, "Yan, Zheng" <zheng.z.yan@...el.com>, Tim Chen <tim.c.chen@...ux.intel.com>, "Yan, Zheng" <yanzheng@...n.com>, "netdev@...r.kernel.org" <netdev@...r.kernel.org>, "davem@...emloft.net" <davem@...emloft.net>, "sfr@...b.auug.org.au" <sfr@...b.auug.org.au>, "Shi, Alex" <alex.shi@...el.com>, Valdis Kletnieks <Valdis.Kletnieks@...edu> Subject: Re: [PATCH -next v2] unix stream: Fix use-after-free crashes On Thu, Sep 8, 2011 at 9:56 AM, Jiri Slaby <jirislaby@...il.com> wrote: > On 09/08/2011 09:11 AM, Eric Dumazet wrote: >> Le jeudi 08 septembre 2011 à 14:22 +0800, Yan, Zheng a écrit : >> >>> I don't think so. unix_scm_to_skb() calls unix_attach_fds(), it >>> always duplicates scm->fp. >> >> What a mess. This code is a nightmare. >> >> Part of the mess comes from scm_destroy() and scm_release() duplication. >> >> We should have scm_destroy() only, as before, and NULLify scm->pid/cred >> in unix_scm_to_skb() when we steal references. > > This patch works for me. I haven't tried the out_err fixup from the > followup, but I assume I won't spot a difference as those are fail paths > anyway... > > thanks, > -- > js > I have tested the same patch here (before shopping, but can test the "final" patch, too.). - Sedat - -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists