| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 28 Sep 2016 11:08:05 +0800
From: Liping Zhang <zlpnobody@...il.com>
To: Feng Gao <gfree.wind@...il.com>
Cc: Aaron Conole <aconole@...heb.org>,
Netfilter Developer Mailing List
<netfilter-devel@...r.kernel.org>,
Linux Kernel Network Developers <netdev@...r.kernel.org>,
Florian Westphal <fw@...len.de>,
Pablo Neira Ayuso <pablo@...filter.org>
Subject: Re: [PATCH nf-next v2 1/2] netfilter: Fix potential null pointer dereference
Hi Feng,
2016-09-28 9:23 GMT+08:00 Feng Gao <gfree.wind@...il.com>:
> Hi Aaraon,
>
> On Tue, Sep 27, 2016 at 9:38 PM, Aaron Conole <aconole@...heb.org> wrote:
>> It's possible for nf_hook_entry_head to return NULL if two
>> nf_unregister_net_hook calls happen simultaneously with a single hook
>
> The critical region of nf_unregister_net_hook is protected by &nf_hook_mutex.
> When it would be called simultaneously?
This is unrelated to race condition.
Suppose that only the last nf_hook_entry exist, and two callers want to do
un-register work.
The first one will remove it successfully, after the end of the work, the
second one will enter the critical section, but it will see the NULL pointer.
Because the last nf_hook_entry was already removed by the first one.
>
> Regards
> Feng
>
>> entry in the list. This fix ensures that no null pointer dereference
>> could occur when such a race happens.
>>
>> Signed-off-by: Aaron Conole <aconole@...heb.org>
Powered by blists - more mailing lists