lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Tue, 29 Mar 2022 21:31:23 -0400
From:   "Jason A. Donenfeld" <>
Cc:     "Jason A. Donenfeld" <>
Subject: [PATCH net 0/4] wireguard patches for 5.18-rc1

Hi Dave/Jakub,

Here's a small set of fixes for the next net push:

1) Pipacs reported a CFI violation in a cleanup routine, which he
   triggered using grsec's RAP. I haven't seen reports of this yet from
   the Android/CFI world yet, but it's only a matter of time there.

2) A small rng cleanup to the self test harness to make it initialize
   faster on 5.18.

3) Wang reported and fixed a skb leak for CONFIG_IPV6=n.

4) After Wang's fix for the direct leak, I investigated how that code
   path even could be hit, and found that the netlink layer still
   handles IPv6 endpoints, when it probably shouldn't.

The relevant commits have stable@ and fixes tags.


Jason A. Donenfeld (3):
  wireguard: queueing: use CFI-safe ptr_ring cleanup function
  wireguard: selftests: simplify RNG seeding
  wireguard: socket: ignore v6 endpoints when ipv6 is disabled

Wang Hai (1):
  wireguard: socket: free skb in send6 when ipv6 is disabled

 drivers/net/wireguard/queueing.c              |  3 ++-
 drivers/net/wireguard/socket.c                |  5 ++--
 tools/testing/selftests/wireguard/qemu/init.c | 26 +++++--------------
 3 files changed, 12 insertions(+), 22 deletions(-)


Powered by blists - more mailing lists