Date:	Fri, 15 Feb 2013 09:30:29 +0100
From:	Antonio Quartulli <ordex@...istici.org>
To:	Pau Koning <paukoning@...il.com>
Cc:	davem@...emloft.net, netdev@...r.kernel.org,
	b.a.t.m.a.n@...ts.open-mesh.org
Subject: Re: [PATCH] batman-adv: Fix NULL pointer dereference in DAT hash
 collision avoidance

On Tue, Feb 12, 2013 at 11:18:45AM +0100, Pau Koning wrote:
> An entry in DAT with the hashed position of 0 can cause a NULL pointer
> dereference when the first entry is checked by batadv_choose_next_candidate.
> This first candidate automatically has the max value of 0 and the max_orig_node
> of NULL. Not checking max_orig_node for NULL in batadv_is_orig_node_eligible
> will lead to a NULL pointer dereference when checking for the lowest address.
> 
> This problem was added in 785ea1144182c341b8b85b0f8180291839d176a8
> ("batman-adv: Distributed ARP Table - create DHT helper functions").
> 
> Signed-off-by: Pau Koning <paukoning@...il.com>


Hello Pau,

thank you very much for this fix, this was not an easy one!

However, next time please CC our mailing list as well (get_maintainer.pl will
give you all the needed addresses), otherwise it may be the case that we
overlook such patches and:
1) we don't review it
2) we don't merge it into our repository (which is where the real development
   goes on).

Both 1) and 2) happened with this patch and, in my humble opinion, it is not a
good idea to merge such delicate fixes without having a reply from the
maintainers.

Therefore, please keep us in the loop when sending patches. It would be really
appreciated.


Regards,

-- 
Antonio Quartulli

..each of us alone is worth nothing..
Ernesto "Che" Guevara
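
The failure mode described in the quoted commit message, as an added example that is not part of the original message and is not batman-adv source: a simplified user-space model of the candidate selection. The struct, the function names `eligible` and `choose`, and the sample table are hypothetical and constructed.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for an originator entry; not batman-adv code. */
struct node { unsigned char addr[6]; unsigned int dht; };

/* Constructed sample table: three entries that all hash to position 0. */
static const struct node sample[] = {
    { {0x02, 0, 0, 0, 0, 0x20}, 0 },
    { {0x02, 0, 0, 0, 0, 0x10}, 0 },
    { {0x02, 0, 0, 0, 0, 0x30}, 0 },
};

/* Decide whether cand should replace the current pick (NULL at first). */
static int eligible(const struct node *cand, unsigned int tmp_max,
                    unsigned int max, const struct node *max_node)
{
    if (tmp_max < max)
        return 0;   /* a better candidate was already found */
    /* Collision with the current pick: keep the lowest address.
     * When the first entry has value 0 it equals the initial max while
     * max_node is still NULL, so max_node is tested before it is
     * dereferenced. Without that test this line reads through NULL. */
    if (tmp_max == max && max_node &&
        memcmp(cand->addr, max_node->addr, sizeof(cand->addr)) > 0)
        return 0;
    return 1;
}

/* Walk the table once; return the selected entry, or NULL if it is empty. */
static const struct node *choose(const struct node *tab, size_t n)
{
    const struct node *max_node = NULL;   /* no candidate selected yet */
    unsigned int max = 0;                 /* initial best value */
    size_t i;

    for (i = 0; i < n; i++) {
        if (!eligible(&tab[i], tab[i].dht, max, max_node))
            continue;
        max = tab[i].dht;
        max_node = &tab[i];
    }
    return max_node;
}

int main(void)
{
    return choose(sample, 3) == &sample[1] ? 0 : 1;
}
```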
