lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Wed,  1 Nov 2017 22:26:32 +0100
From:   Willy Tarreau <w@....eu>
To:     linux-kernel@...r.kernel.org, stable@...r.kernel.org,
        linux@...ck-us.net
Cc:     Eric Dumazet <edumazet@...gle.com>,
        Solar Designer <solar@...nwall.com>,
        Vasiliy Kulikov <segoon@...nwall.com>,
        Lorenzo Colitti <lorenzo@...gle.com>,
        "David S . Miller" <davem@...emloft.net>, Willy Tarreau <w@....eu>
Subject: [PATCH 3.10 091/139] net: ping: do not abuse udp_poll()

From: Eric Dumazet <edumazet@...gle.com>

commit 77d4b1d36926a9b8387c6b53eeba42bcaaffcea3 upstream.

Alexander reported various KASAN messages triggered in recent kernels

The problem is that ping sockets should not use udp_poll() in the first
place, and recent changes in UDP stack finally exposed this old bug.

Fixes: c319b4d76b9e ("net: ipv4: add IPPROTO_ICMP socket kind")
Fixes: 6d0bfe226116 ("net: ipv6: Add IPv6 support to the ping socket.")
Signed-off-by: Eric Dumazet <edumazet@...gle.com>
Reported-by: Sasha Levin <alexander.levin@...izon.com>
Cc: Solar Designer <solar@...nwall.com>
Cc: Vasiliy Kulikov <segoon@...nwall.com>
Cc: Lorenzo Colitti <lorenzo@...gle.com>
Acked-By: Lorenzo Colitti <lorenzo@...gle.com>
Tested-By: Lorenzo Colitti <lorenzo@...gle.com>
Signed-off-by: David S. Miller <davem@...emloft.net>
[wt: removed the parts related to ping6 as 6d0bfe226116 is not in 3.10]

Signed-off-by: Willy Tarreau <w@....eu>
---
 include/net/ipv6.h | 1 +
 net/ipv4/af_inet.c | 2 +-
 net/ipv6/raw.c     | 2 +-
 3 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/include/net/ipv6.h b/include/net/ipv6.h
index 413e23b..1c96547c 100644
--- a/include/net/ipv6.h
+++ b/include/net/ipv6.h
@@ -822,6 +822,7 @@ extern int inet6_hash_connect(struct inet_timewait_death_row *death_row,
  */
 extern const struct proto_ops inet6_stream_ops;
 extern const struct proto_ops inet6_dgram_ops;
+extern const struct proto_ops inet6_sockraw_ops;
 
 struct group_source_req;
 struct group_filter;
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index 975c369..03610eb 100644
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -1053,7 +1053,7 @@ static struct inet_protosw inetsw_array[] =
 		.type =       SOCK_DGRAM,
 		.protocol =   IPPROTO_ICMP,
 		.prot =       &ping_prot,
-		.ops =        &inet_dgram_ops,
+		.ops =        &inet_sockraw_ops,
 		.no_check =   UDP_CSUM_DEFAULT,
 		.flags =      INET_PROTOSW_REUSE,
        },
diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c
index c7ce2be..a05e1f1 100644
--- a/net/ipv6/raw.c
+++ b/net/ipv6/raw.c
@@ -1319,7 +1319,7 @@ void raw6_proc_exit(void)
 #endif	/* CONFIG_PROC_FS */
 
 /* Same as inet6_dgram_ops, sans udp_poll.  */
-static const struct proto_ops inet6_sockraw_ops = {
+const struct proto_ops inet6_sockraw_ops = {
 	.family		   = PF_INET6,
 	.owner		   = THIS_MODULE,
 	.release	   = inet6_release,
-- 
2.8.0.rc2.1.gbe9624a

Powered by blists - more mailing lists