| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <cover.1523558015.git.g.nault@alphalink.fr> Date: Thu, 12 Apr 2018 20:50:32 +0200 From: Guillaume Nault <g.nault@...halink.fr> To: netdev@...r.kernel.org Cc: James Chapman <jchapman@...alix.com> Subject: [PATCH net 0/3] l2tp: remove unsafe calls to l2tp_tunnel_find_nth() Using l2tp_tunnel_find_nth() is racy, because the returned tunnel can go away as soon as this function returns. This series introduce l2tp_tunnel_get_nth() as a safe replacement to fixes these races. With this series, all unsafe tunnel/session lookups are finally gone. Guillaume Nault (3): l2tp: hold reference on tunnels in netlink dumps l2tp: hold reference on tunnels printed in pppol2tp proc file l2tp: hold reference on tunnels printed in l2tp/tunnels debugfs file net/l2tp/l2tp_core.c | 40 ++++++++++++++++++++-------------------- net/l2tp/l2tp_core.h | 3 ++- net/l2tp/l2tp_debugfs.c | 15 +++++++++++++-- net/l2tp/l2tp_netlink.c | 11 ++++++++--- net/l2tp/l2tp_ppp.c | 24 +++++++++++++++++------- 5 files changed, 60 insertions(+), 33 deletions(-) -- 2.17.0
Powered by blists - more mailing lists