lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Mon, 12 Feb 2018 11:19:31 -0500 (EST)
From:   David Miller <davem@...emloft.net>
To:     lucien.xin@...il.com
Cc:     netdev@...r.kernel.org, shemminger@...ux-foundation.org
Subject: Re: [PATCH net] bridge: check brport attr show in brport_show

From: Xin Long <lucien.xin@...il.com>
Date: Mon, 12 Feb 2018 17:15:40 +0800

> Now br_sysfs_if file flush doesn't have attr show. To read it will
> cause kernel panic after users chmod u+r this file.
> 
> Xiong found this issue when running the commands:
> 
>   ip link add br0 type bridge
>   ip link add type veth
>   ip link set veth0 master br0
>   chmod u+r /sys/devices/virtual/net/veth0/brport/flush
>   timeout 3 cat /sys/devices/virtual/net/veth0/brport/flush
> 
> kernel crashed with NULL a pointer dereference call trace.
> 
> This patch is to fix it by return -EINVAL when brport_attr->show
> is null, just the same as the check for brport_attr->store in
> brport_store().
> 
> Fixes: 9cf637473c85 ("bridge: add sysfs hook to flush forwarding table")
> Reported-by: Xiong Zhou <xzhou@...hat.com>
> Signed-off-by: Xin Long <lucien.xin@...il.com>

Applied and queued up for -stable, thank you.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ