lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <1228674863.15263.82.camel@bzorp.balabit>
Date:	Sun, 7 Dec 2008 11:16:53 +0100
From:	Balazs Scheidler <bazsi@...abit.hu>
To:	davem@...emloft.net, netdev@...r.kernel.org
Subject: [PATCH net-next-2.6] [TPROXY] fixes a possible read from an
 unmapped location in the socket match

	TIME_WAIT sockets need to be handled specially, and the socket match
	casted inet_timewait_sock instances to inet_sock, which are not
	compatible. Handle this special case by checking sk->sk_state.
---
 net/netfilter/xt_socket.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/net/netfilter/xt_socket.c b/net/netfilter/xt_socket.c
index 0e03922..1d521a5 100644
--- a/net/netfilter/xt_socket.c
+++ b/net/netfilter/xt_socket.c
@@ -144,7 +144,7 @@ socket_mt(const struct sk_buff *skb, const struct xt_match_param *par)
 	sk = nf_tproxy_get_sock_v4(dev_net(skb->dev), protocol,
 				   saddr, daddr, sport, dport, par->in, false);
 	if (sk != NULL) {
-		bool wildcard = (inet_sk(sk)->rcv_saddr == 0);
+		bool wildcard = (sk->sk_state != TCP_TIME_WAIT && inet_sk(sk)->rcv_saddr == 0);
 
 		nf_tproxy_put_sock(sk);
 		if (wildcard)
-- 
1.5.6.3


--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ