lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <56DB1814.2050902@free.fr>
Date:	Sat, 5 Mar 2016 18:32:04 +0100
From:	f6bvp <f6bvp@...e.fr>
To:	David Miller <davem@...emloft.net>
Cc:	netdev@...r.kernel.org, ralf@...ux-mips.org
Subject: Re: [Patch] rose_route_frame() NULL pointer dereference kernel panic



Le 05/03/2016 17:22, David Miller a écrit :
> From: f6bvp <f6bvp@...e.fr>
> Date: Sat, 5 Mar 2016 16:32:42 +0100
> 
>> I understand I did not explain clearly or completely things.
>>
>> I agree that each time patched rose_xmit() is calling
>> rose_route_frame() it will
>> get a 0 return.
>> And I think this is what was intended by the author of rose_xmit().
> 
> If that's what he intended he would have implemented the entirety of
> rose_xmit() as "kfree_skb(skb)".  But that's obviously not the case.
> 
> The author meant the packet to be sent in some way, perhaps using a
> default path or something like that.

Via a NULL pointer ?
I don't see how it could work.

> 
> So please stop telling me over and over again that this function
> is meant to simply drop all packets, it's not true.
> 
I am just making hypothesis and trying to infer some deductions from the
behaviour of program when there is no more kernel panic.

If there is a situation leading to a kernel panic, I thought code should
be changed ?
What is the problem replacing a NULL argument by an array of 0 ?


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ