| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <38F21A5C-DDFB-45C4-98BE-1690A3E5CA42@oracle.com>
Date: Thu, 31 Aug 2023 14:03:20 +0000
From: Chuck Lever III <chuck.lever@...cle.com>
To: Paolo Abeni <pabeni@...hat.com>
CC: Eric Dumazet <edumazet@...gle.com>,
"David S . Miller"
<davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>,
"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
"eric.dumazet@...il.com"
<eric.dumazet@...il.com>,
syzbot <syzkaller@...glegroups.com>
Subject: Re: [PATCH net] net/handshake: fix null-ptr-deref in
handshake_nl_done_doit()
> On Aug 31, 2023, at 3:54 AM, Paolo Abeni <pabeni@...hat.com> wrote:
>
> On Mon, 2023-08-28 at 09:13 +0000, Eric Dumazet wrote:
>> We should not call trace_handshake_cmd_done_err() if socket lookup has failed.
>
> I think Chuck would like to have a tracepoint for all the possible
> handshake_nl_done_doit() failures, but guess that could be added later
> on net-next, possibly refactoring the arguments list (e.g. adding an
> explicit fd arg, and passing explicitly a NULL sk).
Agree. A separate trace point that requires fewer arguments
can be added later for this case. But I don't feel like the
omission here is a show stopper.
>> Also we should call trace_handshake_cmd_done_err() before releasing the file,
>> otherwise dereferencing sock->sk can return garbage.
>>
>> This also reverts 7afc6d0a107f ("net/handshake: Fix uninitialized local variable")
>
> I can be low on coffee, but
>
> struct handshake_req *req = NULL;
>
> is still there after this patch ?!?
>
> Cheers,
>
> Paolo
>
--
Chuck Lever
Powered by blists - more mailing lists