lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <9d240ea8-7e55-4be2-b99b-3f2657c5f8c8@openvpn.net>
Date: Fri, 6 Feb 2026 21:06:35 +0100
From: Antonio Quartulli <antonio@...nvpn.net>
To: Salvatore Bonaccorso <carnil@...ian.org>
Cc: Jon Penn <jpenn@...tonvillek12.org>, Sabrina Dubroca
 <sd@...asysnail.net>, 1126499@...s.debian.org,
 Andrew Lunn <andrew+netdev@...n.ch>, "David S. Miller"
 <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>,
 Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
 netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
 Ralf Lici <ralf@...delbit.com>
Subject: Re: Bug#1126499: linux-image-6.17.13+deb14-amd64: ovpn NULL pointer
 dereference and lockup under heavy load

Hi Salvatore,

On 06/02/2026 19:19, Salvatore Bonaccorso wrote:
> Hi Antonio,
> 
> On Mon, Feb 02, 2026 at 09:26:16AM +0100, Antonio Quartulli wrote:
>> On 01/02/2026 17:23, Salvatore Bonaccorso wrote:
>>> Control: forwarded -1 https://lore.kernel.org/netdev/176996279620.3109699.15382994681575380467@eldamar.lan
>>>
>>> Hi Antonio and all,
>>>
>>> In Debian we got the following report from Jon Penn using ovpn,
>>> reported at https://bugs.debian.org/1126499
>>
>> Hi all,
>>
>> Thanks a lot for the report!
>> We have a fix for this issue in our pipe already - I'll forward it to net
>> ASAP.
> 
> Do you have patch already which you would appreciate if Jon Penn could
> test and maybe add a Tested-by or is that not needed at this point as
> things setting already?

This is the patch:

https://patchwork.openvpn.net/project/openvpn2/patch/20260202132309.567382-1-ralf@mandelbit.com/

Jon can definitely test the patch and give us his feedback.

However, being this part of the code very critical for socket handling, 
I am still spending some time with Ralf and Sabrina to make sure we are 
not introducing any subtle bug/side effect.

In any case, please feel free to test so we can confirm that the problem 
you reported is truly the same as the one we were already investigating.

Thanks a lot.

Regards,

-- 
Antonio Quartulli
OpenVPN Inc.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ