lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID:
 <GV1P189MB1988732E99991AE664F2439AC673A@GV1P189MB1988.EURP189.PROD.OUTLOOK.COM>
Date: Tue, 17 Jun 2025 00:56:59 +0000
From: Tung Quang Nguyen <tung.quang.nguyen@....tech>
To: Haixia Qu <hxqu@...lstonenet.com>, Jon Maloy <jmaloy@...hat.com>, "David
 S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, Jakub
 Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, Simon Horman
	<horms@...nel.org>
CC: "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
	"tipc-discussion@...ts.sourceforge.net"
	<tipc-discussion@...ts.sourceforge.net>, "linux-kernel@...r.kernel.org"
	<linux-kernel@...r.kernel.org>
Subject: RE: [PATCH net] tipc: fix panic in tipc_udp_nl_dump_remoteip() using
 bearer as udp without check

>Subject: [PATCH net] tipc: fix panic in tipc_udp_nl_dump_remoteip() using
>bearer as udp without check
Please rephrase the name of this patch and add version for each change.
Example for your next sending:
[PATCH v4 net] tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer
>
>When TIPC_NL_UDP_GET_REMOTEIP cmd calls tipc_udp_nl_dump_remoteip()
>with media name set to a l2 name, kernel panics [1].
Remove above description because new patch name is descriptive enough.
>
>The reproduction steps:
>1. create a tun interface
>2. enable l2 bearer
>3. TIPC_NL_UDP_GET_REMOTEIP with media name set to tun
>
>the ub was in fact a struct dev.
>
>when bid != 0 && skip_cnt != 0, bearer_list[bid] may be NULL or other media
>when other thread changes it.
>
>fix this by checking media_id.
>
>[1]
>tipc: Started in network mode
>tipc: Node identity 8af312d38a21, cluster identity 4711
>tipc: Enabled bearer <eth:syz_tun>, priority 1
>Oops: general protection fault
>KASAN: null-ptr-deref in range
>CPU: 1 UID: 1000 PID: 559 Comm: poc Not tainted 6.16.0-rc1+ #117 PREEMPT
>Hardware name: QEMU Ubuntu 24.04 PC
>RIP: 0010:tipc_udp_nl_dump_remoteip+0x4a4/0x8f0
Please move this observation right after the reproduction steps.

>Fixes: 832629ca5c313 ("tipc: add UDP remoteip dump to netlink API")
>Signed-off-by: Haixia Qu <hxqu@...lstonenet.com>
>---
Please add "v4: <the reason of version up>" here

Note: Please remove email domain ericsson.com of Jon and Richard because it is not existing anymore.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ