lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20210901.103033.925382819044968737.davem@davemloft.net>
Date:   Wed, 01 Sep 2021 10:30:33 +0100 (BST)
From:   David Miller <davem@...emloft.net>
To:     yun.wang@...ux.alibaba.com
Cc:     paul@...l-moore.com, kuba@...nel.org, yoshfuji@...ux-ipv6.org,
        dsahern@...nel.org, netdev@...r.kernel.org,
        linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] net: fix NULL pointer reference in cipso_v4_doi_free

From: 王贇 <yun.wang@...ux.alibaba.com>
Date: Wed, 1 Sep 2021 09:51:28 +0800

> 
> 
> On 2021/8/31 下午9:48, Paul Moore wrote:
>> On Mon, Aug 30, 2021 at 10:42 PM 王贇 <yun.wang@...ux.alibaba.com> wrote:
>>> On 2021/8/31 上午12:50, Paul Moore wrote:
>>> [SNIP]
>>>>>>> Reported-by: Abaci <abaci@...ux.alibaba.com>
>>>>>>> Signed-off-by: Michael Wang <yun.wang@...ux.alibaba.com>
>>>>>>> ---
>>>>>>>  net/netlabel/netlabel_cipso_v4.c | 4 ++--
>>>>>>>  1 file changed, 2 insertions(+), 2 deletions(-)
>>>>>>
>>>>>> I see this was already merged, but it looks good to me, thanks for
>>>>>> making those changes.
>>>>>
>>>>> FWIW it looks like v1 was also merged:
>>>>>
>>>>> https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=733c99ee8b
>>>>
>>>> Yeah, that is unfortunate, there was a brief discussion about that
>>>> over on one of the -stable patches for the v1 patch (odd that I never
>>>> saw a patchbot post for the v1 patch?).  Having both merged should be
>>>> harmless, but we want to revert the v1 patch as soon as we can.
>>>> Michael, can you take care of this?
>>>
>>> As v1 already merged, may be we could just goon with it?
>>>
>>> Actually both working to fix the problem, v1 will cover all the
>>> cases, v2 take care one case since that's currently the only one,
>>> but maybe there will be more in future.
>> 
>> No.  Please revert v1 and stick with the v2 patch.  The v1 patch is in
>> my opinion a rather ugly hack that addresses the symptom of the
>> problem and not the root cause.
>> 
>> It isn't your fault that both v1 and v2 were merged, but I'm asking
>> you to help cleanup the mess.  If you aren't able to do that please
>> let us know so that others can fix this properly.
> 
> No problem I can help on that, just try to make sure it's not a
> meaningless work.
> 
> So would it be fine to send out a v3 which revert v1 and apply v2?

Please don't do things this way just send the relative change.

Thanks.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ