| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 17 Apr 2015 10:31:38 +0200 From: Daniel Borkmann <daniel@...earbox.net> To: Eric Dumazet <eric.dumazet@...il.com>, David Miller <davem@...emloft.net> CC: netdev <netdev@...r.kernel.org> Subject: Re: [PATCH net] inet_diag: fix access to tcp cc information On 04/17/2015 03:10 AM, Eric Dumazet wrote: > From: Eric Dumazet <edumazet@...gle.com> > > Two different problems are fixed here : > > 1) inet_sk_diag_fill() might be called without socket lock held. > icsk->icsk_ca_ops can change under us and module be unloaded. > -> Access to freed memory. > Fix this using rcu_read_lock() to prevent module unload. > > 2) Some TCP Congestion Control modules provide information > but again this is not safe against icsk->icsk_ca_ops > change and nla_put() errors were ignored. Some sockets > could not get the additional info if skb was almost full. > > Fix this by returning a status from get_info() handlers and > using rcu protection as well. > > Signed-off-by: Eric Dumazet <edumazet@...gle.com> Thanks Eric! Acked-by: Daniel Borkmann <daniel@...earbox.net> -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists