lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20250618162825.724112-1-kuni1840@gmail.com>
Date: Wed, 18 Jun 2025 09:28:21 -0700
From: Kuniyuki Iwashima <kuni1840@...il.com>
To: kuba@...nel.org
Cc: davem@...emloft.net,
	edumazet@...gle.com,
	horms@...nel.org,
	kuni1840@...il.com,
	kuniyu@...gle.com,
	netdev@...r.kernel.org,
	pabeni@...hat.com
Subject: Re: [PATCH v1 net 0/4] af_unix: Fix two OOB issues.

From: Jakub Kicinski <kuba@...nel.org>
Date: Wed, 18 Jun 2025 06:41:26 -0700
> On Tue, 17 Jun 2025 21:34:38 -0700 Kuniyuki Iwashima wrote:
> > Patch 1 fixes issues that happen when multiple consumed OOB
> > skbs are placed consecutively in the recv queue.
> > 
> > Patch 2 fixes an inconsistent behaviour that close()ing a socket
> > with a consumed OOB skb at the head of the recv queue triggers
> > -ECONNRESET on the peer's recv().
> 
> It appears to break the scm_rights tests, including a UAF.

Sorry, I forgot the length of a skb holding embryo is 0, maybe
sock_omalloc(1, ...) confused me.

Will fix it in v2.

Thanks!

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ