| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CACT4Y+ZPvO-nEMJsHvzm9zPOdB803Eh9+UO_E++Wx6xBxw=mLA@mail.gmail.com>
Date: Wed, 20 Dec 2017 12:59:43 +0100
From: Dmitry Vyukov <dvyukov@...gle.com>
To: Stephan Mueller <smueller@...onox.de>
Cc: syzbot
<bot+e5e6fab2d4dc3d9877ac240fed364027bb960ad0@...kaller.appspotmail.com>,
David Miller <davem@...emloft.net>,
Herbert Xu <herbert@...dor.apana.org.au>,
linux-crypto@...r.kernel.org, LKML <linux-kernel@...r.kernel.org>,
syzkaller-bugs@...glegroups.com
Subject: Re: KASAN: use-after-free Read in crypto_aead_free_instance
On Wed, Dec 20, 2017 at 12:49 PM, Stephan Mueller <smueller@...onox.de> wrote:
> Am Mittwoch, 20. Dezember 2017, 11:15:38 CET schrieb Dmitry Vyukov:
>
> Hi Dmitry,
>
>>
>> What will be its meaning? How will it differ from fix?
>
> Maybe a short clarification would help: what is the meaning of the syz fix
> marker?
It's described here:
https://github.com/google/syzkaller/blob/master/docs/syzbot.md#bug-status-tracking
> Depending on this answer, all that I am thinking of is to mark bug
> reports for which there are fixes actively discussed, but yet not integrated.
> Thus, such marker should only help others to point them to active discussions
> instead of them trying to find fixes alone.
If it's only for humans, then there is no need to make a special
machine-readable command for this.
So basically what you wrote above is good:
> This issue vanishes after applying the patch "[PATCH v2] crypto: AF_ALG - limit mask and type".
I just didn't understand that's still pending (but perhaps that's what
you meant by including "[PATCH v2]" part).
Powered by blists - more mailing lists