| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 15 Feb 2013 13:56:00 -0500 (EST) From: David Miller <davem@...emloft.net> To: hannes@...essinduktion.org Cc: eric.dumazet@...il.com, tt.rantala@...il.com, netdev@...r.kernel.org, davej@...hat.com, xemul@...allels.com Subject: Re: [PATCH] net: fix infinite loop in __skb_recv_datagram() From: Hannes Frederic Sowa <hannes@...essinduktion.org> Date: Fri, 15 Feb 2013 13:41:41 +0100 > On Tue, Feb 12, 2013 at 04:07:33PM -0500, David Miller wrote: >> From: Eric Dumazet <eric.dumazet@...il.com> >> Date: Tue, 12 Feb 2013 08:16:53 -0800 >> >> > From: Eric Dumazet <edumazet@...gle.com> >> > >> > Tommi was fuzzing with trinity and reported the following problem : >> > >> > commit 3f518bf745 (datagram: Add offset argument to __skb_recv_datagram) >> > missed that a raw socket receive queue can contain skbs with no payload. >> > >> > We can loop in __skb_recv_datagram() with MSG_PEEK mode, because >> > wait_for_packet() is not prepared to skip these skbs. >> ... >> > Reported-by: Tommi Rantala <tt.rantala@...il.com> >> > Tested-by: Tommi Rantala <tt.rantala@...il.com> >> > Signed-off-by: Eric Dumazet <edumazet@...gle.com> >> >> Applied, thanks. > > This issue got a CVE: http://seclists.org/oss-sec/2013/q1/310 > Perhaps it's something that should go to stable? It's already queued up in my -stable queue. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists