lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 26 Jun 2019 23:59:15 -0300 From: Marcelo Ricardo Leitner <marcelo.leitner@...il.com> To: Xin Long <lucien.xin@...il.com> Cc: network dev <netdev@...r.kernel.org>, linux-sctp@...r.kernel.org, davem@...emloft.net, Neil Horman <nhorman@...driver.com>, syzkaller-bugs@...glegroups.com Subject: Re: [PATCH net] sctp: not bind the socket in sctp_connect On Wed, Jun 26, 2019 at 04:31:39PM +0800, Xin Long wrote: > Now when sctp_connect() is called with a wrong sa_family, it binds > to a port but doesn't set bp->port, then sctp_get_af_specific will > return NULL and sctp_connect() returns -EINVAL. > > Then if sctp_bind() is called to bind to another port, the last > port it has bound will leak due to bp->port is NULL by then. > > sctp_connect() doesn't need to bind ports, as later __sctp_connect > will do it if bp->port is NULL. So remove it from sctp_connect(). > While at it, remove the unnecessary sockaddr.sa_family len check > as it's already done in sctp_inet_connect. > > Fixes: 644fbdeacf1d ("sctp: fix the issue that flags are ignored when using kernel_connect") > Reported-by: syzbot+079bf326b38072f849d9@...kaller.appspotmail.com > Signed-off-by: Xin Long <lucien.xin@...il.com> Please give me another day to review this one. Thanks.
Powered by blists - more mailing lists