Open Source and information security mailing list archives
Date: Tue, 28 Mar 2017 21:34:16 -0700 (PDT)
From: David Miller <davem@...emloft.net>
To: g.nault@...halink.fr
Cc: netdev@...r.kernel.org, jchapman@...alix.com
Subject: Re: [PATCH net] l2tp: hold tunnel socket when handling control frames in l2tp_ip and l2tp_ip6

From: Guillaume Nault <g.nault@...halink.fr>
Date: Tue, 28 Mar 2017 15:32:35 +0200

> The code following l2tp_tunnel_find() expects that a new reference is
> held on sk. Either sk_receive_skb() or the discard_put error path will
> drop a reference from the tunnel's socket.
>
> This issue exists in both l2tp_ip and l2tp_ip6.
>
> Signed-off-by: Guillaume Nault <g.nault@...halink.fr>

You introduced this bug in commit:

====================
commit a3c18422a4b4e108bcf6a2328f48867e1003fd95
Author: Guillaume Nault <g.nault@...halink.fr>
Date:   Tue Nov 29 13:09:45 2016 +0100

    l2tp: hold socket before dropping lock in l2tp_ip{, 6}_recv()
====================

Therefore you should make this clear with a proper "Fixes: " tag such
as:

Fixes: a3c18422a4b4 ("l2tp: hold socket before dropping lock in l2tp_ip{, 6}_recv()")

on a line right before your signoff.