| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 8 Dec 2021 11:34:14 -0500
From: Stephen Suryaputra <ssuryaextr@...il.com>
To: David Ahern <dsahern@...il.com>
Cc: Florian Westphal <fw@...len.de>,
Andrea Mayer <andrea.mayer@...roma2.it>,
Andrea Righi <andrea.righi@...onical.com>,
"David S. Miller" <davem@...emloft.net>,
Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>,
David Ahern <dsahern@...nel.org>,
Jakub Kicinski <kuba@...nel.org>, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org,
Ahmed Abdelsalam <ahabdels@...il.com>,
Paolo Lungaroni <paolo.lungaroni@...roma2.it>,
Stefano Salsano <stefano.salsano@...roma2.it>
Subject: Re: [PATCH] ipv6: fix NULL pointer dereference in ip6_output()
On Wed, Dec 08, 2021 at 08:46:37AM -0700, David Ahern wrote:
> On 12/8/21 3:51 AM, Florian Westphal wrote:
> > David Ahern <dsahern@...il.com> wrote:
> >> On 12/7/21 5:21 PM, Andrea Mayer wrote:
> >>> + IP6CB(skb)->iif = skb->skb_iif;
> >>> [...]
> >>>
> >>> What do you think?
> >>>
> >>
> >> I like that approach over the need for a fall back in core ipv6 code.
> >
> > What if the device is removed after ->iif assignment and before dev lookup?
> >
>
> good point. SR6 should make sure the iif is not cleared, and the
> fallback to the skb->dev is still needed in case of delete.
Thanks for the explanation. I was thinking that ->iif can safely be
assumed to be valid. Florian's point that device can be removed is a
good one. My bad for not putting the check and thanks for fixing.
Powered by blists - more mailing lists