lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 03 Dec 2015 09:59:10 -0800 From: Eric Dumazet <eric.dumazet@...il.com> To: Marcelo Ricardo Leitner <marcelo.leitner@...il.com> Cc: Vlad Yasevich <vyasevich@...il.com>, syzkaller <syzkaller@...glegroups.com>, Neil Horman <nhorman@...driver.com>, linux-sctp@...r.kernel.org, netdev <netdev@...r.kernel.org>, Kostya Serebryany <kcc@...gle.com>, Alexander Potapenko <glider@...gle.com>, Sasha Levin <sasha.levin@...cle.com>, Eric Dumazet <edumazet@...gle.com>, Maciej Żenczykowski <maze@...gle.com>, Dmitry Vyukov <dvyukov@...gle.com> Subject: Re: use-after-free in sctp_do_sm On Thu, 2015-12-03 at 15:43 -0200, Marcelo Ricardo Leitner wrote: > Vlad, others, > > It's been a long time but this was introduced by commit 914e1c8b6980 > ("sctp: Inherit all socket options from parent correctly."). This is not > very consistent with how other protocols work and it will be hard to > keep tracking a negative mask of flags that we can't copy. > > I reviewed the list of options and I'm thinking that only > SO_BINDTODEVICE is worth copying, leaving the others for the application > to re-set, as it is for other protocols. So I'm thinking on simply: > > - newsk->sk_flags = sk->sk_flags; > + newsk->sk_flags = sk->sk_flags & SO_BINDTODEVICE; > > in the above. > > What do you think? I think SO_BINDTODEVICE is not a flag ;) #define SO_BINDTODEVICE 25 -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists