lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Sat, 14 Dec 2019 17:21:26 -0800
From:   Jakub Kicinski <>
To:     Taehee Yoo <>
Subject: Re: [PATCH net 0/4] gtp: fix several bugs in gtp module

On Wed, 11 Dec 2019 08:22:43 +0000, Taehee Yoo wrote:
> This patchset fixes several bugs in the GTP module.
> 1. Do not allow adding duplicate TID and ms_addr pdp context.
> In the current code, duplicate TID and ms_addr pdp context could be added.
> So, RX and TX path could find correct pdp context.
> 2. Fix wrong condition in ->dumpit() callback.
> ->dumpit() callback is re-called if dump packet size is too big.  
> So, before return, it saves last position and then restart from
> last dump position.
> TID value is used to find last dump position.
> GTP module allows adding zero TID value. But ->dumpit() callback ignores
> zero TID value.
> So, dump would not work correctly if dump packet size too big.
> 3. Fix use-after-free in ipv4_pdp_find().
> RX and TX patch always uses gtp->tid_hash and gtp->addr_hash.
> but while packet processing, these hash pointer would be freed.
> So, use-after-free would occur.
> 4. Fix panic because of zero size hashtable
> GTP hashtable size could be set by user-space.
> If hashsize is set to 0, hashtable will not work and panic will occur.

Looks good to me, thank you, applied and queued for stable.

Powered by blists - more mailing lists