lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Fri, 29 May 2020 10:36:13 -0700 (PDT)
From:   Mat Martineau <>
To:     Paolo Abeni <>
cc:, "David S. Miller" <>,
        Jakub Kicinski <>
Subject: Re: [PATCH net 3/3] mptcp: remove msk from the token container at
 destruction time.

On Fri, 29 May 2020, Paolo Abeni wrote:

> Currently we remote the msk from the token container only
> via mptcp_close(). The MPTCP master socket can be destroyed
> also via other paths (e.g. if not yet accepted, when shutting
> down the listener socket). When we hit the latter scenario,
> dangling msk references are left into the token container,
> leading to memory corruption and/or UaF.
> This change addresses the issue by moving the token removal
> into the msk destructor.
> Fixes: 79c0949e9a09 ("mptcp: Add key generation and token tree")
> Signed-off-by: Paolo Abeni <>
> ---
> net/mptcp/protocol.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)

Reviewed-by: Mat Martineau <>

Mat Martineau

Powered by blists - more mailing lists