| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ygnhtudjofyg.fsf@nvidia.com>
Date: Mon, 31 Jan 2022 21:36:23 +0200
From: Vlad Buslov <vladbu@...dia.com>
To: Eric Dumazet <edumazet@...gle.com>
CC: Eric Dumazet <eric.dumazet@...il.com>,
"David S . Miller" <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>,
netdev <netdev@...r.kernel.org>,
Vlad Buslov <vladbu@...lanox.com>,
Jiri Pirko <jiri@...lanox.com>,
Cong Wang <xiyou.wangcong@...il.com>,
syzbot <syzkaller@...glegroups.com>
Subject: Re: [PATCH net] net: sched: fix use-after-free in tc_new_tfilter()
On Mon 31 Jan 2022 at 21:31, Eric Dumazet <edumazet@...gle.com> wrote:
> On Mon, Jan 31, 2022 at 11:28 AM Vlad Buslov <vladbu@...dia.com> wrote:
>>
>> Yeah, but I also didn't get how the "chain" variable can get reused in
>> that other function (tcf_new_tfilter()). It seems to always be
>> unconditionally assigned with return value of tcf_chain_get().
>>
>
> This is why I removed the chain=NULL initialization which is not needed.
>
> The potential issue about replay was really about @q variable.
Got it. Initially it wasn't clear because I got the impression from
commit message that reuse of both variables can lead to use-after-free:
"we need to make sure @q and @chain local variables are cleared again,
or risk use-after-free".
Powered by blists - more mailing lists