| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CA+icZUU25QMMCVT1VfF9XB0wrkppNmKQbHwoHDAQ-qV9bi+HqQ@mail.gmail.com> Date: Sun, 4 Sep 2011 09:12:21 +0200 From: Sedat Dilek <sedat.dilek@...glemail.com> To: "Yan, Zheng" <zheng.z.yan@...el.com> Cc: "netdev@...r.kernel.org" <netdev@...r.kernel.org>, "davem@...emloft.net" <davem@...emloft.net>, "sfr@...b.auug.org.au" <sfr@...b.auug.org.au>, "tim.c.chen@...ux.intel.com" <tim.c.chen@...ux.intel.com>, "jirislaby@...il.com" <jirislaby@...il.com> Subject: Re: [PATCH -next v2] unix stream: Fix use-after-free crashes On Sun, Sep 4, 2011 at 7:44 AM, Yan, Zheng <zheng.z.yan@...el.com> wrote: > Commit 0856a30409 (Scm: Remove unnecessary pid & credential references > in Unix socket's send and receive path) introduced a use-after-free bug. > It passes the scm reference to the first skb. Skb(s) afterwards may > reference freed data structure because the first skb can be destructed > by the receiver at anytime. The fix is by passing the scm reference to > the very last skb. > s/by passing/bypassing ? > Signed-off-by: Zheng Yan <zheng.z.yan@...el.com> > Reported-by: Jiri Slaby <jirislaby@...il.com> > --- Tested on i386 against linux-next (next-20110831). - Sedat - -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists