Date: Wed, 14 Oct 2020 20:43:22 -0700
From: Jakub Kicinski <kuba@...nel.org>
To: Kleber Sacilotto de Souza <kleber.souza@...onical.com>
Cc: netdev@...r.kernel.org, Gerrit Renker <gerrit@....abdn.ac.uk>,
    "David S. Miller" <davem@...emloft.net>,
    Thadeu Lima de Souza Cascardo <cascardo@...onical.com>,
    "Gustavo A. R. Silva" <gustavoars@...nel.org>,
    "Alexander A. Klimov" <grandmaster@...klimov.de>,
    Kees Cook <keescook@...omium.org>,
    Eric Dumazet <edumazet@...gle.com>,
    Alexey Kodanev <alexey.kodanev@...cle.com>,
    dccp@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/2] dccp: ccid: move timers to struct dccp_sock

On Tue, 13 Oct 2020 19:18:48 +0200 Kleber Sacilotto de Souza wrote:
> From: Thadeu Lima de Souza Cascardo <cascardo@...onical.com>
>
> When dccps_hc_tx_ccid is freed, ccid timers may still trigger. The reason
> del_timer_sync can't be used is because this relies on keeping a reference
> to struct sock. But as we keep a pointer to dccps_hc_tx_ccid and free that
> during disconnect, the timer should really belong to struct dccp_sock.
>
> This addresses CVE-2020-16119.
>
> Fixes: 839a6094140a (net: dccp: Convert timers to use timer_setup())

Presumably you chose this commit because the fix won't apply beyond it?
But it really fixes 2677d2067731 (dccp: don't free.. right?

> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@...onical.com>
> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@...onical.com>