lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Tue, 28 Mar 2017 21:34:16 -0700 (PDT)
From:   David Miller <davem@...emloft.net>
To:     g.nault@...halink.fr
Cc:     netdev@...r.kernel.org, jchapman@...alix.com
Subject: Re: [PATCH net] l2tp: hold tunnel socket when handling control
 frames in l2tp_ip and l2tp_ip6

From: Guillaume Nault <g.nault@...halink.fr>
Date: Tue, 28 Mar 2017 15:32:35 +0200

> The code following l2tp_tunnel_find() expects that a new reference is
> held on sk. Either sk_receive_skb() or the discard_put error path will
> drop a reference from the tunnel's socket.
> 
> This issue exists in both l2tp_ip and l2tp_ip6.
> 
> Signed-off-by: Guillaume Nault <g.nault@...halink.fr>

You introduced this bug in commit:

====================
commit a3c18422a4b4e108bcf6a2328f48867e1003fd95
Author: Guillaume Nault <g.nault@...halink.fr>
Date:   Tue Nov 29 13:09:45 2016 +0100

    l2tp: hold socket before dropping lock in l2tp_ip{, 6}_recv()
====================

Therefore you should make this clear with a proper "Fixes: " tag
such as:

Fixes: a3c18422a4b4 ("l2tp: hold socket before dropping lock in l2tp_ip{, 6}_recv()")

on a line right before your signoff.

Powered by blists - more mailing lists