lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20170207125855.GB3414@localhost.localdomain>
Date:   Tue, 7 Feb 2017 10:58:55 -0200
From:   Marcelo Ricardo Leitner <marcelo.leitner@...il.com>
To:     Xin Long <lucien.xin@...il.com>
Cc:     network dev <netdev@...r.kernel.org>, linux-sctp@...r.kernel.org,
        davem@...emloft.net, Neil Horman <nhorman@...driver.com>,
        Vlad Yasevich <vyasevich@...il.com>
Subject: Re: [PATCH net] sctp: check af before verify address in
 sctp_addr_id2transport

On Tue, Feb 07, 2017 at 08:56:08PM +0800, Xin Long wrote:
> Commit 6f29a1306131 ("sctp: sctp_addr_id2transport should verify the
> addr before looking up assoc") invoked sctp_verify_addr to verify the
> addr.
> 
> But it didn't check af variable beforehand, once users pass an address
> with family = 0 through sockopt, sctp_get_af_specific will return NULL
> and NULL pointer dereference will be caused by af->sockaddr_len.
> 
> This patch is to fix it by returning NULL if af variable is NULL.
> 
> Fixes: 6f29a1306131 ("sctp: sctp_addr_id2transport should verify the addr before looking up assoc")
> Signed-off-by: Xin Long <lucien.xin@...il.com>

Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@...il.com>

> ---
>  net/sctp/socket.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/net/sctp/socket.c b/net/sctp/socket.c
> index 37eeab7..f354375 100644
> --- a/net/sctp/socket.c
> +++ b/net/sctp/socket.c
> @@ -239,7 +239,7 @@ static struct sctp_transport *sctp_addr_id2transport(struct sock *sk,
>  	union sctp_addr *laddr = (union sctp_addr *)addr;
>  	struct sctp_transport *transport;
>  
> -	if (sctp_verify_addr(sk, laddr, af->sockaddr_len))
> +	if (!af || sctp_verify_addr(sk, laddr, af->sockaddr_len))
>  		return NULL;
>  
>  	addr_asoc = sctp_endpoint_lookup_assoc(sctp_sk(sk)->ep,
> -- 
> 2.1.0
> 
> --
> To unsubscribe from this list: send the line "unsubscribe linux-sctp" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ