lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20190612203230.GB23166@hmswarspite.think-freely.org>
Date:   Wed, 12 Jun 2019 16:32:30 -0400
From:   Neil Horman <nhorman@...driver.com>
To:     Marcelo Ricardo Leitner <marcelo.leitner@...il.com>
Cc:     linux-sctp@...r.kernel.org, netdev@...r.kernel.org,
        syzbot+f7e9153b037eac9b1df8@...kaller.appspotmail.com,
        Xin Long <lucien.xin@...il.com>,
        "David S. Miller" <davem@...emloft.net>
Subject: Re: [PATCH v4 net] sctp: Free cookie before we memdup a new one

On Wed, Jun 12, 2019 at 03:07:15PM -0300, Marcelo Ricardo Leitner wrote:
> On Tue, Jun 11, 2019 at 08:38:14PM -0400, Neil Horman wrote:
> > Based on comments from Xin, even after fixes for our recent syzbot
> > report of cookie memory leaks, its possible to get a resend of an INIT
> > chunk which would lead to us leaking cookie memory.
> > 
> > To ensure that we don't leak cookie memory, free any previously
> > allocated cookie first.
> > 
> > ---
> 
> This marker can't be here, as it causes git to loose everything below.
> 
thats intentional so that, when Dave commits it, the change notes arent carried
into the changelog (I.e. the change notes are useful for email review, but not
especially useful in the permanent commit history).

Neil

> > Change notes
> > v1->v2
> > update subsystem tag in subject (davem)
> > repeat kfree check for peer_random and peer_hmacs (xin)
> > 
> > v2->v3
> > net->sctp
> > also free peer_chunks
> > 
> > v3->v4
> > fix subject tags
> > 
> > Signed-off-by: Neil Horman <nhorman@...driver.com>
> > Reported-by: syzbot+f7e9153b037eac9b1df8@...kaller.appspotmail.com
> > CC: Marcelo Ricardo Leitner <marcelo.leitner@...il.com>
> > CC: Xin Long <lucien.xin@...il.com>
> > CC: "David S. Miller" <davem@...emloft.net>
> > CC: netdev@...r.kernel.org
> 
> Anyhow, LGTM and reproducer didn't give any hits in 2 runs of 50mins.
> Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@...il.com>
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ