lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date:   Wed, 21 Feb 2018 01:51:02 -0800
From:   syzbot <syzbot+9df43faf09bd400f2993@...kaller.appspotmail.com>
To:     davem@...emloft.net, jchapman@...alix.com,
        linux-kernel@...r.kernel.org, netdev@...r.kernel.org,
        syzkaller-bugs@...glegroups.com
Subject: KASAN: use-after-free Read in pppol2tp_connect

Hello,

syzbot has tested the proposed patch and the reproducer did not trigger  
crash:

Reported-and-tested-by:  
syzbot+9df43faf09bd400f2993@...kaller.appspotmail.com

Note: the tag will also help syzbot to understand when the bug is fixed.

Tested on  
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/master commit
5ae437ad5a2ed573b1ebb04e0afa70b8869f88dd (Mon Feb 19 20:32:51 2018 +0000)
net: sched: report if filter is too large to dump

compiler: gcc (GCC) 7.1.1 20170620
Patch is attached.
Kernel config is attached.


---
There is no WARRANTY for the result, to the extent permitted by applicable  
law.
Except when otherwise stated in writing syzbot provides the result "AS IS"
without warranty of any kind, either expressed or implied, but not limited  
to,
the implied warranties of merchantability and fittness for a particular  
purpose.
The entire risk as to the quality of the result is with you. Should the  
result
prove defective, you assume the cost of all necessary servicing, repair or
correction.

View attachment "patch.diff" of type "text/plain" (5987 bytes)

View attachment "config.txt" of type "text/plain" (136511 bytes)

Powered by blists - more mailing lists