| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CADvbK_dNusmGm2Bc34ZUZznTLM1W6DcvGwyotYhP5=cdikvXkQ@mail.gmail.com>
Date: Mon, 22 Sep 2025 13:22:29 -0400
From: Xin Long <lucien.xin@...il.com>
To: Alexey Simakov <a.simakov@...uritycode.ru>
Cc: marcelo.leitner@...il.com, davem@...emloft.net, edumazet@...gle.com,
kuba@...nel.org, pabeni@...hat.com, horms@...nel.org,
linux-sctp@...r.kernel.org, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org, lvc-project@...uxtesting.org
Subject: Re: [PATCH] sctp: fix null deref in sctp_sf_do_5_1D_ce()
On Mon, Sep 22, 2025 at 12:17 PM Alexey Simakov
<a.simakov@...uritycode.ru> wrote:
>
> The check of new_asoc->peer.adaptation_ind can fail,
> leaving ai_ev uninitialized. In that case, the code
> can jump to the nomem_authdev label and later call
> sctp_ulpevent_free() with a null ai_ev pointer.
> Leading to a potential null dereference.
>
> Add check of ai_ev pointer before call of
> sctp_ulpevent_free function.
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>
> Fixes: 30f6ebf65bc4 ("sctp: add SCTP_AUTH_NO_AUTH type for AUTHENTICATION_EVENT")
> Signed-off-by: Alexey Simakov <a.simakov@...uritycode.ru>
> ---
> net/sctp/sm_statefuns.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
> index a0524ba8d787..93cac73472c7 100644
> --- a/net/sctp/sm_statefuns.c
> +++ b/net/sctp/sm_statefuns.c
> @@ -885,7 +885,8 @@ enum sctp_disposition sctp_sf_do_5_1D_ce(struct net *net,
> return SCTP_DISPOSITION_CONSUME;
>
> nomem_authev:
> - sctp_ulpevent_free(ai_ev);
> + if (ai_ev)
> + sctp_ulpevent_free(ai_ev);
The patch can not be applied. It seems these 3 lines start with spaces?
You may run ./scripts/checkpatch.pl against it.
Thanks.
> nomem_aiev:
> sctp_ulpevent_free(ev);
> nomem_ev:
> --
> 2.34.1
>
> Заявление о конфиденциальности
>
> Данное электронное письмо и любые приложения к нему являются конфиденциальными и предназначены исключительно для адресата. Если Вы не являетесь адресатом данного письма, пожалуйста, уведомите немедленно отправителя, не раскрывайте содержание другим лицам, не используйте его в каких-либо целях, не храните и не копируйте информацию любым способом.
Powered by blists - more mailing lists