lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 08 May 2014 05:34:45 -0700
From:	Eric Dumazet <eric.dumazet@...il.com>
To:	Wang Weidong <wangweidong1@...wei.com>
Cc:	David Miller <davem@...emloft.net>, kuznet@....inr.ac.ru,
	jmorris@...ei.org, yoshfuji@...ux-ipv6.org, kaber@...sh.net,
	netdev@...r.kernel.org
Subject: Re: [PATCH net-next] ipv4: fix kfree static array pointer in
 ipv4_sysctl_exit_net

On Thu, 2014-05-08 at 15:40 +0800, Wang Weidong wrote:
> In ipv4_sysctl_init_net, we don't kmemdup a sysctl_table for init_net,
> so init_net->ipv4.ipv4_hdr->ctl_table_arg points to ipv4_net_table which
> is a static array pointer. So when do ipv4_sysctl_exit_net, it will
> free the ipv4_net_table for init_net.
> 
> So add a check net_namespace init_net before kfree the sysctl_table.
> 
> Signed-off-by: Wang Weidong <wangweidong1@...wei.com>
> ---
>  net/ipv4/sysctl_net_ipv4.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c
> index 44eba05..2825577 100644
> --- a/net/ipv4/sysctl_net_ipv4.c
> +++ b/net/ipv4/sysctl_net_ipv4.c
> @@ -891,7 +891,8 @@ static __net_exit void ipv4_sysctl_exit_net(struct net *net)
>  
>  	table = net->ipv4.ipv4_hdr->ctl_table_arg;
>  	unregister_net_sysctl_table(net->ipv4.ipv4_hdr);
> -	kfree(table);
> +	if (!net_eq(net, &init_net))
> +		kfree(table);
>  }
>  
>  static __net_initdata struct pernet_operations ipv4_sysctl_ops = {

Could you explain how you can trigger this case, calling
ipv4_sysctl_exit_net() with net == &init_net ?

This would be a bug, your patch would try to hide it maybe ?


--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ