lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20200129173525.ikrw5bckxrgqc52v@salvia>
Date:   Wed, 29 Jan 2020 18:35:25 +0100
From:   Pablo Neira Ayuso <pablo@...filter.org>
To:     Kadlecsik József <kadlec@...ckhole.kfki.hu>
Cc:     syzbot <syzbot+fc69d7cb21258ab4ae4d@...kaller.appspotmail.com>,
        netdev@...r.kernel.org, netfilter-devel@...r.kernel.org,
        syzkaller-bugs@...glegroups.com
Subject: Re: [PATCH 1/1] netfilter: ipset: fix suspicious RCU usage in
 find_set_and_id

On Sat, Jan 25, 2020 at 08:39:25PM +0100, Kadlecsik József wrote:
> find_set_and_id() is called when the NFNL_SUBSYS_IPSET mutex is held.
> However, in the error path there can be a follow-up recvmsg() without
> the mutex held. Use the start() function of struct netlink_dump_control
> instead of dump() to verify and report if the specified set does not
> exist.

Applied, thanks Jozsef.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ