| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 30 Oct 2017 10:30:29 -0700
From: Eric Dumazet <eric.dumazet@...il.com>
To: Dmitry Vyukov <dvyukov@...gle.com>
Cc: Thomas Gleixner <tglx@...utronix.de>,
syzbot
<bot+c0733f3aab92fc116dc1d10d8a25f5bf1f739eff@...kaller.appspotmail.com>,
John Stultz <john.stultz@...aro.org>,
LKML <linux-kernel@...r.kernel.org>, sboyd@...eaurora.org,
syzkaller-bugs@...glegroups.com, netdev <netdev@...r.kernel.org>,
Jason Wang <jasowang@...hat.com>,
David Miller <davem@...emloft.net>
Subject: Re: KASAN: use-after-free Write in detach_if_pending
On Mon, 2017-10-30 at 18:06 +0100, Dmitry Vyukov wrote:
> Yes, but hashes in random trees also don't tell much. A tree can be
> rebased so the hash will be lost. It can be a tree unknown to the
> system. Even if we find the commit by hash, in order to match it
> against other trees we will have to use the title anyway (or are there
> better options?), so using hashes becomes pointless.
We do not send hashes on random trees, but official SHA1 in David Miller
trees. They will be the same SHA1 in official Linus Torvalds tree.
Really, you make our life more difficult by pretending that hashes are
not the proper way.
They are reasons we use Fixes: tags all over the places, they are unique
in Linus tree.
Since syzbot gives a SHA1 itself, it must be using a tree, right ?
So a SHA1 that is guaranteed to enter the same tree is correct.
Please fix your bot.
Powered by blists - more mailing lists