lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20080912.161711.206773065.davem@davemloft.net>
Date:	Fri, 12 Sep 2008 16:17:11 -0700 (PDT)
From:	David Miller <davem@...emloft.net>
To:	acme@...hat.com
Cc:	vegard.nossum@...il.com, netdev@...r.kernel.org,
	penberg@...helsinki.fi, mingo@...e.hu, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 2.6.28] tcp_ipv6: fix use of uninitialized memory

From: Arnaldo Carvalho de Melo <acme@...hat.com>
Date: Fri, 12 Sep 2008 09:44:05 -0300

> Em Fri, Sep 12, 2008 at 09:05:25AM +0200, Vegard Nossum escreveu:
> > >From 6544c4074aa5dde2e3f4d3e02f5601c1c33b770e Mon Sep 17 00:00:00 2001
> > From: Vegard Nossum <vegard.nossum@...il.com>
> > Date: Tue, 9 Sep 2008 07:17:32 +0200
> > Subject: [PATCH] tcp_ipv6: fix use of uninitialized memory
> > 
> > inet6_rsk() is called on a struct request_sock * before we
> > have checked whether the socket is an ipv6 socket or a ipv6-
> > mapped ipv4 socket. The access that triggers this is the
> > inet_rsk(rsk)->inet6_rsk_offset dereference in inet6_rsk().
> > 
> > This is arguably not a critical error as the inet6_rsk_offset
> > is only used to compute a pointer which is never really used
> > (in the code path in question) anyway. But it might be a
> > latent error, so let's fix it.
> > 
> > Spotted by kmemcheck.
> 
> Humm, so this was poisoned at allocation and then when inet6_rsk_offset
> was accessed it noticed, interesting, thanks!
> 
> Acked-by: Arnaldo Carvalho de Melo <acme@...hat.com>

Good find :)  I'll add this to net-next-2.6, thanks!
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ