lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <65691cd64d044_16b8e208a0@john.notmuch> Date: Thu, 30 Nov 2023 15:37:58 -0800 From: John Fastabend <john.fastabend@...il.com> To: Eric Dumazet <edumazet@...gle.com>, John Fastabend <john.fastabend@...il.com> Cc: Daniel Borkmann <daniel@...earbox.net>, davem@...emloft.net, kuba@...nel.org, pabeni@...hat.com, ast@...nel.org, andrii@...nel.org, martin.lau@...ux.dev, netdev@...r.kernel.org, bpf@...r.kernel.org, jakub@...udflare.com Subject: Re: pull-request: bpf 2023-11-30 Eric Dumazet wrote: > On Thu, Nov 30, 2023 at 5:04 PM Eric Dumazet <edumazet@...gle.com> wrote: > > > > > Here is the repro: > > > > # See https://goo.gl/kgGztJ for information about syzkaller reproducers. > > #{"procs":1,"slowdown":1,"sandbox":"","sandbox_arg":0,"close_fds":false} > > r0 = socket(0x1, 0x1, 0x0) > > r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@...e={0xf, 0x4, 0x4, 0x12}, 0x48) > > bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000), > > &(0x7f0000000100)=@...6=r0}, 0x20) > > > > I will release the syzbot report, and send the patch, thanks. > > Actually I will release the syzbot report, and let you work on a fix, > perhaps as you pointed out we could be more restrictive. Thanks, I think just fixing the null ptr deref is probably not enough because that socket could be connected() after that and then we get back to the original issue where we don't hold a ref on the peer sock. I'll just block adding non established af_unix socks to the map and if someone wants to support unconnected sockets they can add support for it then.
Powered by blists - more mailing lists