lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <cbb5412.b171f.17f05941412.Coremail.duoming@zju.edu.cn>
Date:   Thu, 17 Feb 2022 10:47:44 +0800 (GMT+08:00)
From:   周多明 <duoming@....edu.cn>
To:     "Jakub Kicinski" <kuba@...nel.org>
Cc:     linux-hams@...r.kernel.org, ajk@...nets.uni-bremen.de,
        davem@...emloft.net, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: Re: [PATCH] drivers: hamradio: 6pack: fix UAF bug caused by
 mod_timer()

Hello,

Thank you very much for your time and pointing out problems in my patch.
I have sent the modified patch again just now.

We use pty to simulate 6pack device, the released resource is tty_struct->tty_port
in tty layer. 

The free trace is shown as below:
tty_release()->tty_release_struct()->release_tty()->tty_kref_put()->
queue_release_one_tty()->release_one_tty()->pty_cleanup()->tty_port_put(tty->port);

The use trace is shown as below:
sp_xmit_on_air()->pty_write()->tty_flip_buffer_push()->tty_schedule_flip(port);


Best wishes,
Duoming Zhou

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ