lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 24 Jan 2020 16:43:23 -0800 From: Cong Wang <xiyou.wangcong@...il.com> To: Eric Dumazet <edumazet@...gle.com> Cc: "David S . Miller" <davem@...emloft.net>, netdev <netdev@...r.kernel.org>, Eric Dumazet <eric.dumazet@...il.com>, syzbot+03c4738ed29d5d366ddf@...kaller.appspotmail.com Subject: Re: [PATCH net] net_sched: ematch: reject invalid TCF_EM_SIMPLE On Fri, Jan 24, 2020 at 2:57 PM Eric Dumazet <edumazet@...gle.com> wrote: > > It is possible for malicious userspace to set TCF_EM_SIMPLE bit > even for matches that should not have this bit set. > > This can fool two places using tcf_em_is_simple() > > 1) tcf_em_tree_destroy() -> memory leak of em->data > if ops->destroy() is NULL > > 2) tcf_em_tree_dump() wrongly report/leak 4 low-order bytes > of a kernel pointer. Acked-by: Cong Wang <xiyou.wangcong@...il.com>
Powered by blists - more mailing lists