| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20181210232330.4707-1-xiyou.wangcong@gmail.com>
Date: Mon, 10 Dec 2018 15:23:30 -0800
From: Cong Wang <xiyou.wangcong@...il.com>
To: netdev@...r.kernel.org
Cc: Cong Wang <xiyou.wangcong@...il.com>,
Ying Xue <ying.xue@...driver.com>,
Jon Maloy <jon.maloy@...csson.com>
Subject: [Patch net] tipc: compare remote and local protocols in tipc_udp_enable()
When TIPC_NLA_UDP_REMOTE is an IPv6 mcast address but
TIPC_NLA_UDP_LOCAL is an IPv4 address, a NULL-ptr deref is triggered
as the UDP tunnel sock is initialized to IPv4 or IPv6 sock merely
based on the protocol in local address.
We should just error out when the remote address and local address
have different protocols.
Reported-by: syzbot+eb4da3a20fad2e52555d@...kaller.appspotmail.com
Cc: Ying Xue <ying.xue@...driver.com>
Cc: Jon Maloy <jon.maloy@...csson.com>
Signed-off-by: Cong Wang <xiyou.wangcong@...il.com>
---
net/tipc/udp_media.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/net/tipc/udp_media.c b/net/tipc/udp_media.c
index 1b1ba1310ea7..4d85d71f16e2 100644
--- a/net/tipc/udp_media.c
+++ b/net/tipc/udp_media.c
@@ -679,6 +679,11 @@ static int tipc_udp_enable(struct net *net, struct tipc_bearer *b,
if (err)
goto err;
+ if (remote.proto != local.proto) {
+ err = -EINVAL;
+ goto err;
+ }
+
/* Checking remote ip address */
rmcast = tipc_udp_is_mcast_addr(&remote);
--
2.19.2
Powered by blists - more mailing lists