| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 30 Oct 2017 20:53:37 -0700
From: Eric Dumazet <eric.dumazet@...il.com>
To: David Ahern <dsahern@...il.com>
Cc: netdev <netdev@...r.kernel.org>
Subject: [BUG ?] ipv6: addrconf: Adds a missing in6_ifa_hold()
David, I was looking at addrconf_permanent_addr() and wondered
if there is not some problem with it.
It seems we need to increment ifp refcount before calling
ipv6_del_addr()
Could you double check if this patch is needed, I am guessing you have a
test suite exercising this code path ?
Thanks.
PS : Presumably CONFIG_REFCOUNT_FULL=y should have warned you of the
problem.
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 4a96ebbf8eda5f59a6ff88e836d666a404d2bf0d..8a1c846d3df949a4638589f187120db22a3525ba 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -3335,6 +3335,7 @@ static void addrconf_permanent_addr(struct net_device *dev)
if ((ifp->flags & IFA_F_PERMANENT) &&
fixup_permanent_addr(idev, ifp) < 0) {
write_unlock_bh(&idev->lock);
+ in6_ifa_hold(ifp);
ipv6_del_addr(ifp);
write_lock_bh(&idev->lock);
Powered by blists - more mailing lists