| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20090128093507.GA15956@gondor.apana.org.au>
Date: Wed, 28 Jan 2009 20:35:07 +1100
From: Herbert Xu <herbert@...dor.apana.org.au>
To: Eric Sesterhenn <snakebyte@....de>
Cc: David Miller <davem@...emloft.net>, netdev@...r.kernel.org,
YOSHIFUJI Hideaki <yoshfuji@...ux-ipv6.org>
Subject: Re: Deadlock with icmpv6fuzz
On Tue, Jan 27, 2009 at 07:53:56AM +0000, Eric Sesterhenn wrote:
>
> With current -git i get a different issue (and the box stays alive)
I think I see the problem (though I must say that this code is
really hairy, it's almost like I'm reading your average device
driver!).
When a protocol such as raw or UDP parses extension headers it
stores a pointer to the parsed option in ipv6_txoptions instead
of copying the option.
So as long as you only use it during the system call nothing bad
happens, but once you put the cork on, the next send is going to
go boom.
Any volunteers to fix this?
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@...dor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists