lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Mon, 1 Apr 2019 02:23:39 -0700
From:   Eric Dumazet <edumazet@...gle.com>
To:     "dust.li" <dust.li@...ux.alibaba.com>
Cc:     David Miller <davem@...emloft.net>,
        Alexey Kuznetsov <kuznet@....inr.ac.ru>,
        Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>,
        netdev <netdev@...r.kernel.org>,
        LKML <linux-kernel@...r.kernel.org>, caspar@...ux.alibaba.com
Subject: Re: [PATCH] tcp: fix a potential NULL pointer dereference in tcp_sk_exit

On Mon, Apr 1, 2019 at 1:05 AM dust.li <dust.li@...ux.alibaba.com> wrote:
>
> From: Dust Li <dust.li@...ux.alibaba.com>
>
>  When tcp_sk_init() failed in inet_ctl_sock_create(),
>  'net->ipv4.tcp_congestion_control' will be left
>  uninitialized, but tcp_sk_exit() hasn't check for
>  that.
>
>  This patch add checking on 'net->ipv4.tcp_congestion_control'
>  in tcp_sk_exit() to prevent NULL-ptr dereference.
>
> Signed-off-by: Dust Li <dust.li@...ux.alibaba.com>

Fixes: 6670e1524477 ("tcp: Namespace-ify sysctl_tcp_default_congestion_control")
Signed-off-by: Eric Dumazet <edumazet@...gle.com>

Thanks.


> ---
>  net/ipv4/tcp_ipv4.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
> index 277d71239d75..2f8039a26b08 100644
> --- a/net/ipv4/tcp_ipv4.c
> +++ b/net/ipv4/tcp_ipv4.c
> @@ -2578,7 +2578,8 @@ static void __net_exit tcp_sk_exit(struct net *net)
>  {
>         int cpu;
>
> -       module_put(net->ipv4.tcp_congestion_control->owner);
> +       if (net->ipv4.tcp_congestion_control)
> +               module_put(net->ipv4.tcp_congestion_control->owner);
>
>         for_each_possible_cpu(cpu)
>                 inet_ctl_sock_destroy(*per_cpu_ptr(net->ipv4.tcp_sk, cpu));
> --
> 2.14.4.44.g2045bb6
>

Powered by blists - more mailing lists