| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 14 Oct 2020 20:43:22 -0700
From: Jakub Kicinski <kuba@...nel.org>
To: Kleber Sacilotto de Souza <kleber.souza@...onical.com>
Cc: netdev@...r.kernel.org, Gerrit Renker <gerrit@....abdn.ac.uk>,
"David S. Miller" <davem@...emloft.net>,
Thadeu Lima de Souza Cascardo <cascardo@...onical.com>,
"Gustavo A. R. Silva" <gustavoars@...nel.org>,
"Alexander A. Klimov" <grandmaster@...klimov.de>,
Kees Cook <keescook@...omium.org>,
Eric Dumazet <edumazet@...gle.com>,
Alexey Kodanev <alexey.kodanev@...cle.com>,
dccp@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/2] dccp: ccid: move timers to struct dccp_sock
On Tue, 13 Oct 2020 19:18:48 +0200 Kleber Sacilotto de Souza wrote:
> From: Thadeu Lima de Souza Cascardo <cascardo@...onical.com>
>
> When dccps_hc_tx_ccid is freed, ccid timers may still trigger. The reason
> del_timer_sync can't be used is because this relies on keeping a reference
> to struct sock. But as we keep a pointer to dccps_hc_tx_ccid and free that
> during disconnect, the timer should really belong to struct dccp_sock.
>
> This addresses CVE-2020-16119.
>
> Fixes: 839a6094140a (net: dccp: Convert timers to use timer_setup())
Presumably you chose this commit because the fix won't apply beyond it?
But it really fixes 2677d2067731 (dccp: don't free.. right?
> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@...onical.com>
> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@...onical.com>
Powered by blists - more mailing lists