lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Wed, 17 Aug 2022 11:20:20 +0200
From:   Bernard Pidoux <bernard.f6bvp@...il.com>
To:     Francois Romieu <romieu@...zoreil.com>
Cc:     "David S . Miller" <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>,
        Paolo Abeni <pabeni@...hat.com>,
        Eric Dumazet <edumazet@...gle.com>,
        Thomas Osterried <thomas@...erried.de>,
        linux-hams@...r.kernel.org, netdev@...r.kernel.org,
        "Bernard f6bvp@...e" <f6bvp@...e.fr>
Subject: Re: [PATCH] rose: check NULL rose_loopback_neigh->loopback

Hi,

I absolutely agree with all your remarks, suggestions and nice 
improvement to my patch.

As I am definitively an amateur and not familiar with git send-email, 
may I ask you to resubmit the modified patch for me including:

Suggested-by Francois Romieu <romieu@...zoreil.com>

Thanks a lot.

Bernard

Le 16/08/2022 à 23:57, Francois Romieu a écrit :
> bernard.f6bvp@...il.com <bernard.f6bvp@...il.com> :
>> From: Bernard <bernard.f6bvp@...il.com>
>>
>> Since kernel 5.4.83 rose network connections were no more possible.
>> Last good rose module was with kernel 5.4.79.
>>
>> Francois Romieu <romieu@...zoreil.com> pointed the scope of changes to
>> the attached commit (3b3fd068c56e3fbea30090859216a368398e39bf
>> in mainline, 7f0ddd41e2899349461b578bec18e8bd492e1765 in stable).
> 
> The attachment did not follow the references from the original mail. :o/
> 
> The paragraph above may be summarized as:
> 
> Fixes: 3b3fd068c56e ("rose: Fix Null pointer dereference in rose_send_frame()")
> 
> ("Suggested-by" would be utter gourmandise)
> 
> [...]
>> IMHO this patch should be propagated back to LTS 5.4 kernel.
> 
> 3b3fd068c56e is itself tagged as 'Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")',
> i.e. 'problem exists since git epoch back in 2005'. Stable people will
> probably apply your fix wherever 3b3fd068c56e has been applied or backported,
> namely anything post v5.10, stable v5.4, stable v4.19 and stable v4.14.
> 
>> Signed-off-by: Bernard Pidoux <f6bvp@...e.fr>
>> ---
>>   net/rose/rose_loopback.c | 6 ++++--
>>   1 file changed, 4 insertions(+), 2 deletions(-)
>>
>> diff --git a/net/rose/rose_loopback.c b/net/rose/rose_loopback.c
>> index 11c45c8c6c16..1c673db52636 100644
>> --- a/net/rose/rose_loopback.c
>> +++ b/net/rose/rose_loopback.c
>> @@ -97,8 +97,10 @@ static void rose_loopback_timer(struct timer_list *unused)
>>
>> 		if (frametype == ROSE_CALL_REQUEST) {
>> 			if (!rose_loopback_neigh->dev) {
>> -				kfree_skb(skb);
>> -				continue;
>> +				if (!rose_loopback_neigh->loopback) {
>> +					kfree_skb(skb);
>> +					continue;
>> +				}
> 
> FWIW, avoiding the extra indentation may be marginally more idiomatic:
> 
> @@ -96,7 +96,8 @@ static void rose_loopback_timer(struct timer_list *unused)
> 		}
> 
> 		if (frametype == ROSE_CALL_REQUEST) {
> -			if (!rose_loopback_neigh->dev) {
> +			if (!rose_loopback_neigh->dev &&
> +			    !rose_loopback_neigh->loopback) {
>   				kfree_skb(skb);
>   				continue;
> 			}
> Good night.
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ