| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1480602847.18162.288.camel@edumazet-glaptop3.roam.corp.google.com>
Date: Thu, 01 Dec 2016 06:34:07 -0800
From: Eric Dumazet <eric.dumazet@...il.com>
To: Artem Savkov <asavkov@...hat.com>
Cc: davem@...emloft.net, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org, jstancek@...hat.com,
steffen.klassert@...unet.com, alexander.h.duyck@...el.com
Subject: Re: [PATCH] ip6_offload: check segs for NULL in ipv6_gso_segment.
On Thu, 2016-12-01 at 14:06 +0100, Artem Savkov wrote:
> segs needs to be checked for being NULL in ipv6_gso_segment() before calling
> skb_shinfo(segs), otherwise kernel can run into a NULL-pointer dereference:
> Signed-off-by: Artem Savkov <asavkov@...hat.com>
> ---
>
> diff --git a/net/ipv6/ip6_offload.c b/net/ipv6/ip6_offload.c
> index 1fcf61f..89c59e6 100644
> --- a/net/ipv6/ip6_offload.c
> +++ b/net/ipv6/ip6_offload.c
> @@ -99,7 +99,7 @@ static struct sk_buff *ipv6_gso_segment(struct sk_buff *skb,
> segs = ops->callbacks.gso_segment(skb, features);
> }
>
> - if (IS_ERR(segs))
> + if (IS_ERR_OR_NULL(segs))
> goto out;
>
> gso_partial = !!(skb_shinfo(segs)->gso_type & SKB_GSO_PARTIAL);
Do you know when was this bug added ?
Are you sure this is the right fix ?
Which gso_segment() is returning NULL exactly ?
Thanks.
Powered by blists - more mailing lists