| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 30 Jun 2021 11:54:01 +0200
From: Florian Westphal <fw@...len.de>
To: Vasily Averin <vvs@...tuozzo.com>
Cc: Pablo Neira Ayuso <pablo@...filter.org>,
Jozsef Kadlecsik <kadlec@...filter.org>,
Florian Westphal <fw@...len.de>,
netfilter-devel@...r.kernel.org, coreteam@...filter.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH NETFILTER] netfilter: gre: nf_ct_gre_keymap_flush()
removal
Vasily Averin <vvs@...tuozzo.com> wrote:
> nf_ct_gre_keymap_flush() is useless.
> It is called from nf_conntrack_cleanup_net_list() only and tries to remove
> nf_ct_gre_keymap entries from pernet gre keymap list. Though:
> a) at this point the list should already be empty, all its entries were
> deleted during the conntracks cleanup, because
> nf_conntrack_cleanup_net_list() executes nf_ct_iterate_cleanup(kill_all)
> before nf_conntrack_proto_pernet_fini():
> nf_conntrack_cleanup_net_list
> +- nf_ct_iterate_cleanup
> | nf_ct_put
> | nf_conntrack_put
> | nf_conntrack_destroy
> | destroy_conntrack
> | destroy_gre_conntrack
> | nf_ct_gre_keymap_destroy
> `- nf_conntrack_proto_pernet_fini
> nf_ct_gre_keymap_flush
>
> b) Let's say we find that the keymap list is not empty. This means netns
> still has a conntrack associated with gre, in which case we should not free
> its memory, because this will lead to a double free and related crashes.
> However I doubt it could have gone unnoticed for years, obviously
> this does not happen in real life. So I think we can remove
> both nf_ct_gre_keymap_flush() and nf_conntrack_proto_pernet_fini().
Acked-by: Florian Westphal <fw@...len.de>
Powered by blists - more mailing lists