Date:	Fri, 31 Aug 2007 13:05:04 +0200 (CEST)
From:	Patrick McHardy <kaber@...sh.net>
To:	Andrew Morton <akpm@...ux-foundation.org>
cc:	netdev@...r.kernel.org, bugme-daemon@...zilla.kernel.org,
	link@...gy.org
Subject: Re: [Bugme-new] [Bug 8961] New: BUG triggered by oidentd in netlink code

On Thu, 30 Aug 2007, Andrew Morton wrote:

> On Thu, 30 Aug 2007 07:41:31 -0700 (PDT) bugme-daemon@...zilla.kernel.org wrote:
>
>> http://bugzilla.kernel.org/show_bug.cgi?id=8961
>
> This looks serious.
>
>>            Summary: BUG triggered by oidentd in netlink code
>>
>> Aug 29 23:28:44 bowl kernel: [349587.500440] BUG: unable to handle kernel NULL
>> pointer dereference<1>BUG: unable to handle kernel NULL pointer dereference at
>> virtual address 00000054
>> Aug 29 23:28:44 bowl kernel: [349587.500454]  printing eip:
>> Aug 29 23:28:45 bowl kernel: [349587.500457] c03318ae
>> Aug 29 23:28:45 bowl kernel: [349587.500459] *pde = 00000000
>> Aug 29 23:28:45 bowl kernel: [349587.500464] Oops: 0000 [#1]
>> Aug 29 23:28:45 bowl kernel: [349587.500466] PREEMPT SMP
>> Aug 29 23:28:46 bowl kernel: [349587.500474] Modules linked in: w83627hf
>> hwmon_vid i2c_isa
>> Aug 29 23:28:46 bowl kernel: [349587.500483] CPU:    0
>> Aug 29 23:28:47 bowl kernel: [349587.500485] EIP:    0060:[<c03318ae>]    Not
>> tainted VLI
>> Aug 29 23:28:47 bowl kernel: [349587.500487] EFLAGS: 00010246   (2.6.22.3 #1)
>> Aug 29 23:28:47 bowl kernel: [349587.500499] EIP is at netlink_rcv_skb+0xa/0x7e
>> Aug 29 23:28:48 bowl kernel: [349587.500506] eax: 00000000   ebx: 00000000


Seems to be a bug introduced by the netlink_run_queue conversion,
since there is no locking and netlink_run_queue doesn't check
for NULL results from skb_dequeue, it might pass NULL to
netlink_rcv_skb, which crashes.

Does this patch help?
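Added illustration, not the kernel's code and not the patch attached to this mail: a toy queue modelling the hazard described above, with a drain loop that trusts a precomputed count beside a hardened one that stops at the first NULL from the dequeue. Struct and function names are stand-ins chosen for the model.

```c
/* Added model of the missing NULL check described above; a toy queue stands
 * in for sk_receive_queue, and none of this is the kernel's own code. */
#include <stddef.h>

struct skb { struct skb *next; int len; };   /* stand-in for struct sk_buff */
struct skb_queue { struct skb *head; };      /* stand-in for sk_receive_queue */

/* Like skb_dequeue(): returns NULL on an empty queue, the case that matters. */
static struct skb *dequeue(struct skb_queue *q)
{
    struct skb *s = q->head;
    if (s)
        q->head = s->next;
    return s;
}

/* Stand-in for netlink_rcv_skb(): it dereferences the skb it is handed. */
static int rcv_skb(struct skb *s) { return s->len; }

/* Drain loop that trusts a precomputed count. Without locking that count can
 * be stale, so the loop dequeues one time too many and would hand NULL to
 * rcv_skb(). The model reports that as -1 instead of oopsing. */
static int run_queue_unchecked(struct skb_queue *q, unsigned int qlen)
{
    int bytes = 0;
    for (; qlen; qlen--) {
        struct skb *s = dequeue(q);
        if (!s) return -1;   /* the unchecked code would dereference s here */
        bytes += rcv_skb(s);
    }
    return bytes;
}

/* Hardened loop: stop at the first NULL from dequeue, so a stale count only
 * shortens the run instead of crashing. */
static int run_queue_checked(struct skb_queue *q, unsigned int qlen)
{
    struct skb *s;
    int bytes = 0;
    while (qlen-- && (s = dequeue(q)) != NULL)
        bytes += rcv_skb(s);
    return bytes;
}

/* Constructed scenario: two skbs queued, but a stale count of 3 handed in. */
static int stale_count_demo(int checked)
{
    struct skb b = { NULL, 20 }, a = { &b, 10 };
    struct skb_queue q = { &a };
    return checked ? run_queue_checked(&q, 3) : run_queue_unchecked(&q, 3);
}
```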