Date: Wed, 1 Nov 2017 22:26:32 +0100
From: Willy Tarreau <w@....eu>
To: linux-kernel@...r.kernel.org, stable@...r.kernel.org, linux@...ck-us.net
Cc: Eric Dumazet <edumazet@...gle.com>, Solar Designer <solar@...nwall.com>, Vasiliy Kulikov <segoon@...nwall.com>, Lorenzo Colitti <lorenzo@...gle.com>, "David S . Miller" <davem@...emloft.net>, Willy Tarreau <w@....eu>
Subject: [PATCH 3.10 091/139] net: ping: do not abuse udp_poll()

From: Eric Dumazet <edumazet@...gle.com>

commit 77d4b1d36926a9b8387c6b53eeba42bcaaffcea3 upstream.

Alexander reported various KASAN messages triggered in recent kernels

The problem is that ping sockets should not use udp_poll() in the first
place, and recent changes in UDP stack finally exposed this old bug.

Fixes: c319b4d76b9e ("net: ipv4: add IPPROTO_ICMP socket kind")
Fixes: 6d0bfe226116 ("net: ipv6: Add IPv6 support to the ping socket.")
Signed-off-by: Eric Dumazet <edumazet@...gle.com>
Reported-by: Sasha Levin <alexander.levin@...izon.com>
Cc: Solar Designer <solar@...nwall.com>
Cc: Vasiliy Kulikov <segoon@...nwall.com>
Cc: Lorenzo Colitti <lorenzo@...gle.com>
Acked-By: Lorenzo Colitti <lorenzo@...gle.com>
Tested-By: Lorenzo Colitti <lorenzo@...gle.com>
Signed-off-by: David S. Miller <davem@...emloft.net>
[wt: removed the parts related to ping6 as 6d0bfe226116 is not in 3.10]
Signed-off-by: Willy Tarreau <w@....eu>
--- include/net/ipv6.h | 1 + net/ipv4/af_inet.c | 2 +- net/ipv6/raw.c | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/include/net/ipv6.h b/include/net/ipv6.h index 413e23b..1c96547c 100644 --- a/include/net/ipv6.h +++ b/include/net/ipv6.h @@ -822,6 +822,7 @@ extern int inet6_hash_connect(struct inet_timewait_death_row *death_row, */ extern const struct proto_ops inet6_stream_ops; extern const struct proto_ops inet6_dgram_ops; +extern const struct proto_ops inet6_sockraw_ops; struct group_source_req; struct group_filter; diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c index 975c369..03610eb 100644
--- a/net/ipv4/af_inet.c +++ b/net/ipv4/af_inet.c @@ -1053,7 +1053,7 @@ static struct inet_protosw inetsw_array[] = .type = SOCK_DGRAM, .protocol = IPPROTO_ICMP, .prot = &ping_prot, - .ops = &inet_dgram_ops, + .ops = &inet_sockraw_ops, .no_check = UDP_CSUM_DEFAULT, .flags = INET_PROTOSW_REUSE, }, diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c index c7ce2be..a05e1f1 100644 --- a/net/ipv6/raw.c +++ b/net/ipv6/raw.c @@ -1319,7 +1319,7 @@ void raw6_proc_exit(void) #endif /* CONFIG_PROC_FS */ /* Same as inet6_dgram_ops, sans udp_poll. */ -static const struct proto_ops inet6_sockraw_ops = { +const struct proto_ops inet6_sockraw_ops = { .family = PF_INET6, .owner = THIS_MODULE, .release = inet6_release, -- 2.8.0.rc2.1.gbe9624a
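
Review bot: in the net/ipv4/af_inet.c hunk, the new ".ops = &inet_sockraw_ops," line on the SOCK_DGRAM / IPPROTO_ICMP entry of inetsw_array has no comment explaining why a datagram protocol is wired to the raw-socket ops table. The reason (ping sockets must not go through udp_poll()) lives only in the commit message, so a later cleanup could plausibly switch the entry back to inet_dgram_ops. A one-line comment above the entry, in the spirit of the existing "Same as inet6_dgram_ops, sans udp_poll." comment in net/ipv6/raw.c, would keep the constraint next to the code.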
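
Review bot: the extern declaration added in include/net/ipv6.h and the "static" dropped from inet6_sockraw_ops in net/ipv6/raw.c have no user among the changes shown here. The [wt: ...] note says the ping6 parts were removed for 3.10, and the only ops assignment this patch changes is the IPv4 one in af_inet.c. Either drop these two hunks so the symbol stays static in 3.10, or extend the [wt] note to say the export is kept on purpose (for example to ease later backports), so the newly global symbol does not look accidental.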