lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <4C908768.4040502@cn.fujitsu.com>
Date:	Wed, 15 Sep 2010 16:44:24 +0800
From:	Shan Wei <shanwei@...fujitsu.com>
To:	Thomas Dreibholz <dreibh@....uni-due.de>
CC:	netdev@...r.kernel.org, linux-sctp@...r.kernel.org,
	Martin Becke <martin.becke@...-due.de>
Subject: Re: [PATCH] net: SCTP NULL-pointer dereference problem description
 and fix

Thomas Dreibholz wrote, at 09/15/2010 04:03 PM:
> sctp_assoc_update_retran_path() in net/sctp/associola.c may dereference a 
> NULL-pointer when compiled with SCTP_DEBUG option: t will be NULL if there is 
> no usable path for retransmission. SCTP_DEBUG_PRINTK_IPADDR() makes an access 
> to t->ipaddr.v4.sin_port, without checking t before. t==NULL => oops.
> 
> The patch below against 2.6.36-rc4 (git repository) simply ensures that t is 
> checked for not being set to NULL before calling SCTP_DEBUG_PRINTK_IPADDR().

This bug has been reported by WeiYongjun and fixed by vlad for several months.
About the details see .
http://marc.info/?l=linux-sctp&m=127359276009851&w=2

But this patch is still in vlad's net-next tree, not in main tree.
See the patch:
http://git.kernel.org/?p=linux/kernel/git/vxy/lksctp-dev.git;a=commit;h=eb1639d206320e6a09168d6dd77306eaf5f02582



> 
> 
> Signed-off-by: Thomas Dreibholz <dreibh@....uni-due.de>
> ---
> diff --git a/net/sctp/associola.c b/net/sctp/associola.c
> index e41feff..b2688a4 100644
> --- a/net/sctp/associola.c
> +++ b/net/sctp/associola.c
> @@ -1321,15 +1321,15 @@ void sctp_assoc_update_retran_path(struct 
> sctp_association *asoc)
>  		}
>  	}
> 
> -	if (t)
> +	if (t) {
>  		asoc->peer.retran_path = t;
> -
> -	SCTP_DEBUG_PRINTK_IPADDR("sctp_assoc_update_retran_path:association"
> -				 " %p addr: ",
> -				 " port: %d\n",
> -				 asoc,
> -				 (&t->ipaddr),
> -				 ntohs(t->ipaddr.v4.sin_port));
> +		SCTP_DEBUG_PRINTK_IPADDR("sctp_assoc_update_retran_path:association"
> +					 " %p addr: ",
> +					 " port: %d\n",
> +					 asoc,
> +					 (&t->ipaddr),
> +					 ntohs(t->ipaddr.v4.sin_port));
> +	}
>  }
> 
>  /* Choose the transport for sending retransmit packet.  */
> --
> To unsubscribe from this list: send the line "unsubscribe linux-sctp" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 
> 


-- 

Best Regards
-----
Shan Wei
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ