lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat, 25 Mar 2017 01:30:29 +0100 From: Solar Designer <solar@...nwall.com> To: Eric Dumazet <eric.dumazet@...il.com> Cc: David Miller <davem@...emloft.net>, netdev <netdev@...r.kernel.org>, Andrey Konovalov <andreyknvl@...gle.com>, Eric Dumazet <edumazet@...gle.com> Subject: Re: [PATCH net] ping: implement proper locking On Fri, Mar 24, 2017 at 04:29:45PM -0700, Eric Dumazet wrote: > From: Eric Dumazet <edumazet@...gle.com> > > We got a report of yet another bug in ping > > http://www.openwall.com/lists/oss-security/2017/03/24/6 > > ->disconnect() is not called with socket lock held. > > Fix this by acquiring ping rwlock earlier. > > Thanks to Alexander and Andrey for letting us know of this problem. > > Fixes: c319b4d76b9e ("net: ipv4: add IPPROTO_ICMP socket kind") > Reported-by: Solar Designer <solar@...nwall.com> > Reported-by: Andrey Konovalov <andreyknvl@...gle.com> We should credit the original reporter, who most likely found this by fuzzing. It's danieljiang0415 on GitHub and Twitter. Unfortunately, I don't know their e-mail address. I'll try asking. Alexander
Powered by blists - more mailing lists