lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 29 Jul 2019 11:43:49 +0800 From: Jia-Ju Bai <baijiaju1990@...il.com> To: steffen.klassert@...unet.com, herbert@...dor.apana.org.au, davem@...emloft.net Cc: netdev@...r.kernel.org, linux-kernel@...r.kernel.org Subject: [BUG] net: xfrm: possible null-pointer dereferences in xfrm_policy() In xfrm_policy(), the while loop on lines 3802-3830 ends when dst->xfrm is NULL. Then, dst->xfrm is used on line 3840: xfrm_state_mtu(dst->xfrm, mtu); if (x->km.state != XFRM_STATE_VALID...) aead = x->data; Thus, possible null-pointer dereferences may occur. These bugs are found by a static analysis tool STCheck written by us. I do not know how to correctly fix these bugs, so I only report them. Best wishes, Jia-Ju Bai
Powered by blists - more mailing lists