lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAHC9VhRvrOCqBT-2xRF5zrkeDN3EvShUggOF=Uh47TXFc5Uu1w@mail.gmail.com>
Date: Fri, 28 Mar 2025 12:02:00 -0400
From: Paul Moore <paul@...l-moore.com>
To: Jakub Kicinski <kuba@...nel.org>, Debin Zhu <mowenroot@....com>, Bitao Ouyang <1985755126@...com>
Cc: netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] netlabel: Fix NULL pointer exception caused by CALIPSO on
 IPv4 sockets

On Fri, Mar 28, 2025 at 8:02 AM Jakub Kicinski <kuba@...nel.org> wrote:
> On Wed, 26 Mar 2025 15:38:25 -0400 Paul Moore wrote:
> > For all three function, I'd probably add a single blank line between
> > the local variable declarations and the code below for the sake of
> > readability.  I'd probably also drop the comment as the code seems
> > reasonably obvious (inet6_sk() can return NULL, we can't do anything
> > with a NULL ptr so bail), but neither are reasons for not applying
> > this patch, if anything they can be fixed up during the merge assuming
> > the patch author agrees.
> >
> > Anyway, this looks good to me, Jakub and/or other netdev folks, we
> > should get this marked for stable and sent up to Linus, do you want to
> > do that or should I?
>
> Thanks for the CC! Feel free to take it to Linus if you're happy with
> it. We don't have the posting on the list so it'd be minor pain to apply.

Will do.  As long as it gets up to Linus somehow I'm happy.

> As you say the safety check is probably okay, tho, it's unclear from
> the commit message and comment how we get here with a v4 socket or
> perhaps not a fullsock..

Good point about the root-cause/reproducer; there was some discussion
about this issue on a separate private list and I think we lost some
of the information along the way.  The initial report was for the
connect() case, but while looking into the problem I noticed a few
instances with a similar pattern and since we're only talking about
one additional NULL check during socket-level ops on a CALIPSO marked
socket (nothing per-packet), I figured to err on the side of safety.

Debin Zhu and Bitao Ouyang, considering the other suggested changes to
the code, would you be able to submit a second revision to the patch
that incorporates the suggested changes as well as an improved patch
description which includes your reproducer and notes on testing?  You
can send the email to the LSM <linux-security-module@...r.kernel.org>
list while CC'ing the netdev <netdev@...r.kernel.org> list, the
SELinux <selinux@...r.kernel.org> list, and me directly (just in case
there is another issue with the mailing lists).  This should also give
you an opportunity to try posting to the mailing lists again ;)

-- 
paul-moore.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ