| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1279700420.2452.15.camel@edumazet-laptop>
Date: Wed, 21 Jul 2010 10:20:20 +0200
From: Eric Dumazet <eric.dumazet@...il.com>
To: Johannes Berg <johannes@...solutions.net>
Cc: David Miller <davem@...emloft.net>, netdev <netdev@...r.kernel.org>
Subject: Re: [PATCH net-next-2.6] netlink: netlink_recvmsg() fix
Le mercredi 21 juillet 2010 à 10:05 +0200, Johannes Berg a écrit :
> On Tue, 2010-07-20 at 17:20 +0200, Eric Dumazet wrote:
>
> > [PATCH net-next-2.6 v2] netlink: netlink_recvmsg() fix
> >
> > commit 1dacc76d0014
> > (net/compat/wext: send different messages to compat tasks)
> > introduced a race condition on netlink, in case MSG_PEEK is used.
> >
> > An skb given by skb_recv_datagram() might be shared, we must copy it
> > before any modification, or risk fatal corruption.
>
> Makes sense to me, seeing that if you MSG_PEEK it just increases
> skb->users. But nothing could touch the other skb at the same time?
> Although I guess with netlink multicast we have a similar situation.
Nothing can touch this skb at the same time but us and our friends
(consumers that did a skb_recv_datagram( MSG_PEEK ) operation).
Oh well, I see skb_unshare() tests skb_cloned(). This is not what we
want.
We probably wants something like :
if (skb_shared(skb)) {
nsbk = skb_copy(skb, GFP_KERNEL);
...
}
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists