| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 21 Jun 2010 15:34:09 +0200
From: Mathieu Lacage <mathieu.lacage@...hia.inria.fr>
To: netdev@...r.kernel.org
Subject: PATCH: uninitialized memory access in tcp_parse_options
valgrind reports the following error:
==15996== Conditional jump or move depends on uninitialised value(s)
==15996== at 0x6E63E4C: tcp_parse_options (tcp_input.c:3776)
==15996== by 0x6E856A3: tcp_check_req (tcp_minisocks.c:532)
==15996== by 0x6E7F0C6: tcp_v4_hnd_req (tcp_ipv4.c:1492)
==15996== by 0x6E7F55A: tcp_v4_do_rcv (tcp_ipv4.c:1571)
==15996== by 0x6E808C5: tcp_v4_rcv (tcp_ipv4.c:1690)
==15996== by 0x6E2DA7B: ip_local_deliver_finish (ip_input.c:231)
==15996== by 0x6E2DE0C: ip_local_deliver (netfilter.h:206)
==15996== by 0x6E2E940: ip_rcv_finish (dst.h:255)
==15996== by 0x6E2F17C: ip_rcv (netfilter.h:206)
==15996== by 0x6D53D0E: __netif_receive_skb (dev.c:2873)
==15996== by 0x6D5521F: process_backlog (dev.c:3305)
==15996== by 0x6D55A20: net_rx_action (dev.c:3435)
The attached patch (generated against net-next-2.6) fixes that error by
making sure that user_mss is correctly initialized at the start of
tcp_parse_options, just like saw_tstamp is initialized at the start of
this function. To try to be coherent, this patch also removes the
redundant initialization of saw_tstamp from the caller, tcp_check_req.
hope this helps,
Mathieu
--
Mathieu Lacage <mathieu.lacage@...hia.inria.fr>
Tel: +33 4 9238 5056
View attachment "tcp-options.patch" of type "text/x-patch" (856 bytes)
Powered by blists - more mailing lists