lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20160305195715.GA16052@electric-eye.fr.zoreil.com>
Date:	Sat, 5 Mar 2016 20:57:15 +0100
From:	Francois Romieu <romieu@...zoreil.com>
To:	f6bvp <f6bvp@...e.fr>
Cc:	David Miller <davem@...emloft.net>, netdev@...r.kernel.org,
	ralf@...ux-mips.org
Subject: Re: [Patch] rose_route_frame() NULL pointer dereference kernel panic

f6bvp <f6bvp@...e.fr> :
> Le 05/03/2016 17:22, David Miller a écrit :
[...]
> > If that's what he intended he would have implemented the entirety of
> > rose_xmit() as "kfree_skb(skb)".  But that's obviously not the case.
> > 
> > The author meant the packet to be sent in some way, perhaps using a
> > default path or something like that.
> 
> Via a NULL pointer ?
> I don't see how it could work.

Ask G4KLX what he meant when he wrote rose_rebuild_header (since that's
where Eric B. took rose_xmit from) back in the 2.1.9 era ?

See https://git.kernel.org/cgit/linux/kernel/git/history/history.git/commit/?id=d75df542864496c92ff705d7d072a58b0119a4ff

-- 
Ueimor

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ