lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Mon, 02 Jul 2018 20:34:52 +0900 (KST)
From:   David Miller <davem@...emloft.net>
To:     sd@...asysnail.net
Cc:     netdev@...r.kernel.org, sbrivio@...hat.com,
        steffen.klassert@...unet.com
Subject: Re: [PATCH net] net: fix use-after-free in GRO with ESP

From: Sabrina Dubroca <sd@...asysnail.net>
Date: Sat, 30 Jun 2018 17:38:55 +0200

> Since the addition of GRO for ESP, gro_receive can consume the skb and
> return -EINPROGRESS. In that case, the lower layer GRO handler cannot
> touch the skb anymore.
> 
> Commit 5f114163f2f5 ("net: Add a skb_gro_flush_final helper.") converted
> some of the gro_receive handlers that can lead to ESP's gro_receive so
> that they wouldn't access the skb when -EINPROGRESS is returned, but
> missed other spots, mainly in tunneling protocols.
> 
> This patch finishes the conversion to using skb_gro_flush_final(), and
> adds a new helper, skb_gro_flush_final_remcsum(), used in VXLAN and
> GUE.
> 
> Fixes: 5f114163f2f5 ("net: Add a skb_gro_flush_final helper.")
> Signed-off-by: Sabrina Dubroca <sd@...asysnail.net>
> Reviewed-by: Stefano Brivio <sbrivio@...hat.com>

Applied and queued up for -stable, thank you.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ