Open Source and information security mailing list archives
Message-ID: <YvwSxBhoMl0ueJ3z@electric-eye.fr.zoreil.com>
Date:   Tue, 16 Aug 2022 23:57:24 +0200
From:   Francois Romieu <romieu@...zoreil.com>
To:     bernard.f6bvp@...il.com
Cc:     "David S . Miller" <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>,
        Paolo Abeni <pabeni@...hat.com>,
        Eric Dumazet <edumazet@...gle.com>,
        Thomas Osterried <thomas@...erried.de>,
        linux-hams@...r.kernel.org, netdev@...r.kernel.org,
        Bernard Pidoux <f6bvp@...e.fr>
Subject: Re: [PATCH] rose: check NULL rose_loopback_neigh->loopback

bernard.f6bvp@...il.com <bernard.f6bvp@...il.com> :
> From: Bernard <bernard.f6bvp@...il.com>
> 
> Since kernel 5.4.83 rose network connections were no longer possible.
> Last good rose module was with kernel 5.4.79.
> 
> Francois Romieu <romieu@...zoreil.com> pointed the scope of changes to
> the attached commit (3b3fd068c56e3fbea30090859216a368398e39bf
> in mainline, 7f0ddd41e2899349461b578bec18e8bd492e1765 in stable).

The attachment did not follow the references from the original mail. :o/

The paragraph above may be summarized as:

Fixes: 3b3fd068c56e ("rose: Fix Null pointer dereference in rose_send_frame()")

("Suggested-by" would be utter gourmandise)

[...]
> IMHO this patch should be propagated back to LTS 5.4 kernel.

3b3fd068c56e is itself tagged as 'Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")',
i.e. 'problem exists since git epoch back in 2005'. Stable people will
probably apply your fix wherever 3b3fd068c56e has been applied or backported,
namely anything post v5.10, stable v5.4, stable v4.19 and stable v4.14.

> Signed-off-by: Bernard Pidoux <f6bvp@...e.fr>
> ---
>  net/rose/rose_loopback.c | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/net/rose/rose_loopback.c b/net/rose/rose_loopback.c
> index 11c45c8c6c16..1c673db52636 100644
> --- a/net/rose/rose_loopback.c
> +++ b/net/rose/rose_loopback.c
> @@ -97,8 +97,10 @@ static void rose_loopback_timer(struct timer_list *unused)
> 
> 		if (frametype == ROSE_CALL_REQUEST) {
> 			if (!rose_loopback_neigh->dev) {
> -				kfree_skb(skb);
> -				continue;
> +				if (!rose_loopback_neigh->loopback) {
> +					kfree_skb(skb);
> +					continue;
> +				}
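
Review bot: neither the commit message nor the code at the new `if (!rose_loopback_neigh->loopback)` test says why a NULL `rose_loopback_neigh->dev` is safe to let through once `->loopback` is set. The check being relaxed was introduced by 3b3fd068c56e, whose subject is a NULL pointer dereference in rose_send_frame(), so the changelog should state that the loopback path does not reach that dereference, and a one-line comment above the test would record it in the source. The message also needs the `Fixes: 3b3fd068c56e` tag in place of the prose reference.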

FWIW, avoiding the extra indentation may be marginally more idiomatic:

@@ -96,7 +96,8 @@ static void rose_loopback_timer(struct timer_list *unused)
		}

		if (frametype == ROSE_CALL_REQUEST) {
-			if (!rose_loopback_neigh->dev) {
+			if (!rose_loopback_neigh->dev &&
+			    !rose_loopback_neigh->loopback) {
 				kfree_skb(skb);
 				continue;
			}
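
Review bot: the merged condition `!rose_loopback_neigh->dev && !rose_loopback_neigh->loopback` drops the frame in the same case as the nested form, but it still carries no comment saying that a neighbour with no device is expected when the loopback flag is set; a short comment above the `if` would make the intent clear to the next reader. As pasted, the context lines do not all start with a leading space, so this hunk should be regenerated from the tree for a v2 rather than applied from the mail.
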
Good night.

-- 
Ueimor
