lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Fri, 01 Dec 2023 07:30:24 +0000
From: patchwork-bot+netdevbpf@...nel.org
To: Eric Dumazet <edumazet@...gle.com>
Cc: davem@...emloft.net, kuba@...nel.org, pabeni@...hat.com,
 netdev@...r.kernel.org, eric.dumazet@...il.com, syzkaller@...glegroups.com,
 weiwan@...gle.com
Subject: Re: [PATCH net] ipv6: fix potential NULL deref in fib6_add()

Hello:

This patch was applied to netdev/net.git (main)
by Jakub Kicinski <kuba@...nel.org>:

On Wed, 29 Nov 2023 16:06:30 +0000 you wrote:
> If fib6_find_prefix() returns NULL, we should silently fallback
> using fib6_null_entry regardless of RT6_DEBUG value.
> 
> syzbot reported:
> 
> WARNING: CPU: 0 PID: 5477 at net/ipv6/ip6_fib.c:1516 fib6_add+0x310d/0x3fa0 net/ipv6/ip6_fib.c:1516
> Modules linked in:
> CPU: 0 PID: 5477 Comm: syz-executor.0 Not tainted 6.7.0-rc2-syzkaller-00029-g9b6de136b5f0 #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
> RIP: 0010:fib6_add+0x310d/0x3fa0 net/ipv6/ip6_fib.c:1516
> Code: 00 48 8b 54 24 68 e8 42 22 00 00 48 85 c0 74 14 49 89 c6 e8 d5 d3 c2 f7 eb 5d e8 ce d3 c2 f7 e9 ca 00 00 00 e8 c4 d3 c2 f7 90 <0f> 0b 90 48 b8 00 00 00 00 00 fc ff df 48 8b 4c 24 38 80 3c 01 00
> RSP: 0018:ffffc90005067740 EFLAGS: 00010293
> RAX: ffffffff89cba5bc RBX: ffffc90005067ab0 RCX: ffff88801a2e9dc0
> RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
> RBP: ffffc90005067980 R08: ffffffff89cbca85 R09: 1ffff110040d4b85
> R10: dffffc0000000000 R11: ffffed10040d4b86 R12: 00000000ffffffff
> R13: 1ffff110051c3904 R14: ffff8880206a5c00 R15: ffff888028e1c820
> FS: 00007f763783c6c0(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 00007f763783bff8 CR3: 000000007f74d000 CR4: 00000000003506f0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> Call Trace:
> <TASK>
> __ip6_ins_rt net/ipv6/route.c:1303 [inline]
> ip6_route_add+0x88/0x120 net/ipv6/route.c:3847
> ipv6_route_ioctl+0x525/0x7b0 net/ipv6/route.c:4467
> inet6_ioctl+0x21a/0x270 net/ipv6/af_inet6.c:575
> sock_do_ioctl+0x152/0x460 net/socket.c:1220
> sock_ioctl+0x615/0x8c0 net/socket.c:1339
> vfs_ioctl fs/ioctl.c:51 [inline]
> __do_sys_ioctl fs/ioctl.c:871 [inline]
> __se_sys_ioctl+0xf8/0x170 fs/ioctl.c:857
> do_syscall_x64 arch/x86/entry/common.c:51 [inline]
> do_syscall_64+0x45/0x110 arch/x86/entry/common.c:82
> 
> [...]

Here is the summary with links:
  - [net] ipv6: fix potential NULL deref in fib6_add()
    https://git.kernel.org/netdev/net/c/75475bb51e78

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ