lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Thu, 6 Jun 2019 16:06:54 +0800
From:   Gen Zhang <blackgod016574@...il.com>
To:     Marcus Meissner <meissner@...e.de>
Cc:     wmealing@...hat.com, netdev@...r.kernel.org
Subject: Re: likely invalid CVE assignment for commit
 95baa60a0da80a0143e3ddd4d3725758b4513825

On Thu, Jun 06, 2019 at 09:55:07AM +0200, Marcus Meissner wrote:
> Hi,
> 
> Dave does not like private-only emails, so again for netdev list:
> 
> On Wed, Jun 05, 2019 at 11:20:29AM +0200, Marcus Meissner wrote:
> > Hi Gen Zhang,
> > 
> > looking at https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=95baa60a0da80a0143e3ddd4d3725758b4513825
> > 
> > 	ipv6_sockglue: Fix a missing-check bug in ip6_ra_control()
> > 	In function ip6_ra_control(), the pointer new_ra is allocated a memory
> > 	space via kmalloc(). And it is used in the following codes. However,
> > 	when there is a memory allocation error, kmalloc() fails. Thus null
> > 	pointer dereference may happen. And it will cause the kernel to crash.
> > 	Therefore, we should check the return value and handle the error.
> > 
> > There seems to be no case in current GIT where new_ra is being dereferenced even if it
> > is NULL (kfree(NULL) will work fine).
> > 
> > Was this just an assumption based on insufficient code review, or was there a real
> > crash observed and how?
> 
> The reporter had replied privately that he was only doing a code audit.
Thanks again for your concerns of this patch.

It is not exactly that. This comes from a static analysis research 
prototype. And I think it is different from 'only doing code audit'.

Thanks
Gen
> 
> We (Redhat and SUSE) wonder if this fix is needed at all.
> 
> Ciao, Marcus

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ