| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <063D6719AE5E284EB5DD2968C1650D6D1CBE9A61@AcuExch.aculab.com> Date: Wed, 9 Dec 2015 15:49:27 +0000 From: David Laight <David.Laight@...LAB.COM> To: 'Eric Dumazet' <eric.dumazet@...il.com>, Eric Dumazet <edumazet@...gle.com> CC: Marcelo Ricardo Leitner <marcelo.leitner@...il.com>, Dmitry Vyukov <dvyukov@...gle.com>, "David S. Miller" <davem@...emloft.net>, "Alexey Kuznetsov" <kuznet@....inr.ac.ru>, James Morris <jmorris@...ei.org>, "Hideaki YOSHIFUJI" <yoshfuji@...ux-ipv6.org>, Patrick McHardy <kaber@...sh.net>, netdev <netdev@...r.kernel.org>, LKML <linux-kernel@...r.kernel.org>, "Vlad Yasevich" <vyasevich@...il.com>, Neil Horman <nhorman@...driver.com>, "linux-sctp@...r.kernel.org" <linux-sctp@...r.kernel.org>, syzkaller <syzkaller@...glegroups.com>, Kostya Serebryany <kcc@...gle.com>, "Alexander Potapenko" <glider@...gle.com>, Sasha Levin <sasha.levin@...cle.com> Subject: RE: [PATCH net] ipv6: sctp: clone options to avoid use after free > SCTP is lacking proper np->opt cloning at accept() time. > > TCP and DCCP use ipv6_dup_options() helper, do the same in SCTP. > > We might later factorize this code in a common helper to avoid > future mistakes. I'm wondering what the real impact of this and the other recent SCTP bugs/patches is on real workloads? We have enough trouble getting our customers to use kernels later that the 2.6.18 based RHEL5 - without having to persuade them to use kernels that contain very recent fixes. David
Powered by blists - more mailing lists