lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CAHC9VhR_eHxS9HFGx1QwRj9wqcmcg5794cCJ8QXKsbGA1+QELQ@mail.gmail.com>
Date:   Tue, 7 Sep 2021 09:06:45 -0400
From:   Paul Moore <paul@...l-moore.com>
To:     Sasha Levin <sashal@...nel.org>
Cc:     Dongliang Mu <mudongliangabcd@...il.com>,
        王贇 <yun.wang@...ux.alibaba.com>,
        linux-kernel <linux-kernel@...r.kernel.org>,
        stable@...r.kernel.org, Abaci <abaci@...ux.alibaba.com>,
        "David S . Miller" <davem@...emloft.net>,
        "open list:NETWORKING [GENERAL]" <netdev@...r.kernel.org>,
        linux-security-module@...r.kernel.org
Subject: Re: [PATCH AUTOSEL 5.13 13/14] net: fix NULL pointer reference in cipso_v4_doi_free

On Sun, Sep 5, 2021 at 8:54 AM Sasha Levin <sashal@...nel.org> wrote:
> On Mon, Aug 30, 2021 at 10:20:22AM -0400, Paul Moore wrote:
> >On Mon, Aug 30, 2021 at 8:42 AM Dongliang Mu <mudongliangabcd@...il.com> wrote:
> >>
> >> On Mon, Aug 30, 2021 at 8:01 PM Sasha Levin <sashal@...nel.org> wrote:
> >> >
> >> > From: 王贇 <yun.wang@...ux.alibaba.com>
> >> >
> >> > [ Upstream commit 733c99ee8be9a1410287cdbb943887365e83b2d6 ]
> >> >
> >>
> >> Hi Sasha,
> >>
> >> Michael Wang has sent a v2 patch [1] for this bug and it is merged
> >> into netdev/net-next.git. However, the v1 patch is already in the
> >> upstream tree.
> >>
> >> How do you guys handle such a issue?
> >>
> >> [1] https://lkml.org/lkml/2021/8/30/229
> >
> >Ugh.  Michael can you please work with netdev to fix this in the
> >upstream, and hopefully -stable, kernels?  My guess is you will need
> >to rebase your v2 patch on top of the v1 patch (basically what exists
> >in upstream) and send that back out.
>
> I'm just going to drop this one for now (it never made it in). If there
> is a follow-up you do want us to queue please let us know :)

Thanks Sasha.  The lore link below is the v2 version of the patch and
it is worth merging as a fix into the older kernels.

* https://lore.kernel.org/linux-security-module/18f0171e-0cc8-6ae6-d04a-a69a2a3c1a39@linux.alibaba.com

-- 
paul moore
www.paul-moore.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ