lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Mon, 16 May 2016 14:06:08 +0000
From:	Jon Maloy <jon.maloy@...csson.com>
To:	Richard Alpe <richard.alpe@...csson.com>,
	"netdev@...r.kernel.org" <netdev@...r.kernel.org>
CC:	"sploving1@...il.com" <sploving1@...il.com>,
	"tipc-discussion@...ts.sourceforge.net" 
	<tipc-discussion@...ts.sourceforge.net>,
	"eric.dumazet@...il.com" <eric.dumazet@...il.com>
Subject: RE: [tipc-discussion] [PATCH net-next] tipc: check nl sock before
	parsing nested attributes

This is a serious bug, so it should be posted to net, not net-next.

Otherwise,
Acked-by: Jon Maloy <jon.maloy@...csson.cm>

///jon

> -----Original Message-----
> From: Richard Alpe [mailto:richard.alpe@...csson.com]
> Sent: Monday, 16 May, 2016 05:15
> To: netdev@...r.kernel.org
> Cc: sploving1@...il.com; tipc-discussion@...ts.sourceforge.net;
> eric.dumazet@...il.com
> Subject: [tipc-discussion] [PATCH net-next] tipc: check nl sock before parsing
> nested attributes
> 
> Make sure the socket for which the user is listing publication exists
> before parsing the socket netlink attributes.
> 
> Prior to this patch a call without any socket caused a NULL pointer
> dereference in tipc_nl_publ_dump().
> 
> Tested-and-reported-by: Baozeng Ding <sploving1@...il.com>
> Signed-off-by: Richard Alpe <richard.alpe@...csson.com>
> ---
>  net/tipc/socket.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/net/tipc/socket.c b/net/tipc/socket.c
> index 1262889..3b7a799 100644
> --- a/net/tipc/socket.c
> +++ b/net/tipc/socket.c
> @@ -2853,6 +2853,9 @@ int tipc_nl_publ_dump(struct sk_buff *skb, struct
> netlink_callback *cb)
>  		if (err)
>  			return err;
> 
> +		if (!attrs[TIPC_NLA_SOCK])
> +			return -EINVAL;
> +
>  		err = nla_parse_nested(sock, TIPC_NLA_SOCK_MAX,
>  				       attrs[TIPC_NLA_SOCK],
>  				       tipc_nl_sock_policy);
> --
> 2.1.4
> 
> 
> ------------------------------------------------------------------------------
> Mobile security can be enabling, not merely restricting. Employees who
> bring their own devices (BYOD) to work are irked by the imposition of MDM
> restrictions. Mobile Device Manager Plus allows you to control only the
> apps on BYO-devices by containerizing them, leaving personal data untouched!
> https://ad.doubleclick.net/ddm/clk/304595813;131938128;j
> _______________________________________________
> tipc-discussion mailing list
> tipc-discussion@...ts.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/tipc-discussion

Powered by blists - more mailing lists