| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20130215124141.GB20018@order.stressinduktion.org> Date: Fri, 15 Feb 2013 13:41:41 +0100 From: Hannes Frederic Sowa <hannes@...essinduktion.org> To: David Miller <davem@...emloft.net> Cc: eric.dumazet@...il.com, tt.rantala@...il.com, netdev@...r.kernel.org, davej@...hat.com, xemul@...allels.com Subject: Re: [PATCH] net: fix infinite loop in __skb_recv_datagram() On Tue, Feb 12, 2013 at 04:07:33PM -0500, David Miller wrote: > From: Eric Dumazet <eric.dumazet@...il.com> > Date: Tue, 12 Feb 2013 08:16:53 -0800 > > > From: Eric Dumazet <edumazet@...gle.com> > > > > Tommi was fuzzing with trinity and reported the following problem : > > > > commit 3f518bf745 (datagram: Add offset argument to __skb_recv_datagram) > > missed that a raw socket receive queue can contain skbs with no payload. > > > > We can loop in __skb_recv_datagram() with MSG_PEEK mode, because > > wait_for_packet() is not prepared to skip these skbs. > ... > > Reported-by: Tommi Rantala <tt.rantala@...il.com> > > Tested-by: Tommi Rantala <tt.rantala@...il.com> > > Signed-off-by: Eric Dumazet <edumazet@...gle.com> > > Applied, thanks. This issue got a CVE: http://seclists.org/oss-sec/2013/q1/310 Perhaps it's something that should go to stable? Thanks, Hannes -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists