lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Thu, 8 Sep 2011 10:43:53 +0200
From:	Sedat Dilek <sedat.dilek@...glemail.com>
To:	Jiri Slaby <jirislaby@...il.com>
Cc:	Eric Dumazet <eric.dumazet@...il.com>,
	"Yan, Zheng" <zheng.z.yan@...el.com>,
	Tim Chen <tim.c.chen@...ux.intel.com>,
	"Yan, Zheng" <yanzheng@...n.com>,
	"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
	"davem@...emloft.net" <davem@...emloft.net>,
	"sfr@...b.auug.org.au" <sfr@...b.auug.org.au>,
	"Shi, Alex" <alex.shi@...el.com>,
	Valdis Kletnieks <Valdis.Kletnieks@...edu>
Subject: Re: [PATCH -next v2] unix stream: Fix use-after-free crashes

On Thu, Sep 8, 2011 at 9:56 AM, Jiri Slaby <jirislaby@...il.com> wrote:
> On 09/08/2011 09:11 AM, Eric Dumazet wrote:
>> Le jeudi 08 septembre 2011 à 14:22 +0800, Yan, Zheng a écrit :
>>
>>> I don't think so. unix_scm_to_skb() calls unix_attach_fds(), it
>>> always duplicates scm->fp.
>>
>> What a mess. This code is a nightmare.
>>
>> Part of the mess comes from scm_destroy() and scm_release() duplication.
>>
>> We should have scm_destroy() only, as before, and NULLify scm->pid/cred
>> in unix_scm_to_skb() when we steal references.
>
> This patch works for me. I haven't tried the out_err fixup from the
> followup, but I assume I won't spot a difference as those are fail paths
> anyway...
>
> thanks,
> --
> js
>

I have tested the same patch here (before shopping, but can test the
"final" patch, too.).

- Sedat -
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists