| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20131118221542.GN16541@order.stressinduktion.org> Date: Mon, 18 Nov 2013 23:15:42 +0100 From: Hannes Frederic Sowa <hannes@...essinduktion.org> To: David Miller <davem@...emloft.net> Cc: netdev@...r.kernel.org Subject: Re: [PATCH] ping: prevent NULL pointer dereference on write to msg_name On Mon, Nov 18, 2013 at 04:02:38PM -0500, David Miller wrote: > From: Hannes Frederic Sowa <hannes@...essinduktion.org> > Date: Mon, 18 Nov 2013 07:07:45 +0100 > > > A plain read() on a socket does set msg->msg_name to NULL. So check for > > NULL pointer first. > > > > Signed-off-by: Hannes Frederic Sowa <hannes@...essinduktion.org> > > --- > > > > Addendum to "[v4] inet: prevent leakage of uninitialized memory to user in > > recv syscalls". > > Applied and queued up for -stable, thanks Hannes. > > Looks like ipv6 got this case right. No, IPv6 reuses the IPv4 recvmsg handler. The patch fixes that as well. Thanks, Hannes -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists