| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <f3eb7ec0-99b0-0ed3-0ffc-5ea20436bd08@gmail.com>
Date: Mon, 27 Mar 2023 17:05:37 +0800
From: Hangyu Hua <hbh25y@...il.com>
To: Guenter Roeck <linux@...ck-us.net>
Cc: borisp@...dia.com, john.fastabend@...il.com, kuba@...nel.org,
davem@...emloft.net, edumazet@...gle.com, pabeni@...hat.com,
davejwatson@...com, aviadye@...lanox.com, ilyal@...lanox.com,
fw@...len.de, sd@...asysnail.net, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] net: tls: fix possible race condition between
do_tls_getsockopt_conf() and do_tls_setsockopt_conf()
On 26/3/2023 22:12, Guenter Roeck wrote:
> Hi,
>
> On Tue, Feb 28, 2023 at 10:33:44AM +0800, Hangyu Hua wrote:
>> ctx->crypto_send.info is not protected by lock_sock in
>> do_tls_getsockopt_conf(). A race condition between do_tls_getsockopt_conf()
>> and do_tls_setsockopt_conf() can cause a NULL point dereference or
>> use-after-free read when memcpy.
>>
>> Please check the following link for pre-information:
>> https://lore.kernel.org/all/Y/ht6gQL+u6fj3dG@hog/
>>
>> Fixes: 3c4d7559159b ("tls: kernel TLS support")
>> Signed-off-by: Hangyu Hua <hbh25y@...il.com>
>
> This patch has been applied to v6.1.y. Should it be applied to older kernel
> branches as well ? I know it doesn't apply cleanly, but the conflicts
> should be easy to resolve. I'll be happy to send backports to stable@ if
> needed.
>
> Thanks,
> Guenter
Look like Meena Shanmugam is doing this. Please check this:
https://lore.kernel.org/all/20230323005440.518172-2-meenashanmugam@google.com/
Thanks for your attention.
Thanks,
Hangyu
Powered by blists - more mailing lists