Message-ID: <8760xuvz5w.fsf@doppelsaurus.mobileactivedefense.com>
Date:	Fri, 12 Feb 2016 13:25:15 +0000
From:	Rainer Weikusat <rweikusat@...ileactivedefense.com>
To:	Philipp Hahn <pmhahn@...ahn.de>
Cc:	Ben Hutchings <ben@...adent.org.uk>,
	Hannes Frederic Sowa <hannes@...essinduktion.org>,
	Sasha Levin <sasha.levin@...cle.com>,
	"David S. Miller" <davem@...emloft.net>,
	linux-kernel@...r.kernel.org, Karolin Seeger <kseeger@...ba.org>,
	Jason Baron <jbaron@...mai.com>,
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	Arvid Requate <requate@...vention.de>,
	Stefan Gohmann <gohmann@...vention.de>, netdev@...r.kernel.org
Subject: Re: [PATCH net] af_unix: Guard against other == sk in unix_dgram_sendmsg

Philipp Hahn <pmhahn@...ahn.de> writes:
> Hello Rainer,
>
> On 11.02.2016 at 20:37, Rainer Weikusat wrote:
>> The unix_dgram_sendmsg routine uses the following test
>> 
>> if (unlikely(unix_peer(other) != sk && unix_recvq_full(other))) {
[...]
>> This isn't correct as the specified address could have been bound to
>> the sending socket itself
[...]
> After applying that patch at least my machine running the samba test no
> longer crashes.

There's a possible gotcha in there: Send-to-self used to be limited by
the queue limit. But the rationale for that (IIRC) was that someone
could keep using newly created sockets to queue ever more data to a
single, unrelated receiver. I don't think this should apply when
receiving and sending sockets are identical. But that's just my
opinion. The other option would be to avoid the unix_state_double_lock
for sk == other. I'd be willing to change this accordingly if someone
thinks the queue limit should apply to send-to-self.