| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 20 Nov 2020 10:06:12 -0800
From: Jakub Kicinski <kuba@...nel.org>
To: Anmol Karn <anmol.karan123@...il.com>
Cc: ralf@...ux-mips.org, davem@...emloft.net, saeed@...nel.org,
gregkh@...uxfoundation.org, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org, linux-hams@...r.kernel.org,
linux-kernel-mentees@...ts.linuxfoundation.org,
syzkaller-bugs@...glegroups.com,
syzbot+a1c743815982d9496393@...kaller.appspotmail.com
Subject: Re: [Linux-kernel-mentees] [PATCH v5 net] rose: Fix Null pointer
dereference in rose_send_frame()
On Fri, 20 Nov 2020 00:40:43 +0530 Anmol Karn wrote:
> rose_send_frame() dereferences `neigh->dev` when called from
> rose_transmit_clear_request(), and the first occurrence of the
> `neigh` is in rose_loopback_timer() as `rose_loopback_neigh`,
> and it is initialized in rose_add_loopback_neigh() as NULL.
> i.e when `rose_loopback_neigh` used in rose_loopback_timer()
> its `->dev` was still NULL and rose_loopback_timer() was calling
> rose_rx_call_request() without checking for NULL.
>
> - net/rose/rose_link.c
> This bug seems to get triggered in this line:
>
> rose_call = (ax25_address *)neigh->dev->dev_addr;
>
> Fix it by adding NULL checking for `rose_loopback_neigh->dev`
> in rose_loopback_timer().
>
> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
> Suggested-by: Jakub Kicinski <kuba@...nel.org>
> Reported-by: syzbot+a1c743815982d9496393@...kaller.appspotmail.com
> Tested-by: syzbot+a1c743815982d9496393@...kaller.appspotmail.com
> Link: https://syzkaller.appspot.com/bug?id=9d2a7ca8c7f2e4b682c97578dfa3f236258300b3
> Signed-off-by: Anmol Karn <anmol.karan123@...il.com>
Applied to net, thanks!
Powered by blists - more mailing lists