Date: Fri, 11 Dec 2015 18:47:35 +0100
From: Hannes Frederic Sowa <hannes@...essinduktion.org>
To: oss-security@...ts.openwall.com, guoyonggang@....cn
Cc: cve-assign@...re.org
Subject: Re: Re: CVE request - Android kernel - IPv6 connect
 cause a denial of service

Hello,

On 11.12.2015 17:41, cve-assign@...re.org wrote:
>> net/ipv4/af_inet.c
>> inet_autobind
> 
>> if (sk->sk_prot->get_port(sk, 0)) {
> 
>>> if the sk->sk_prot->get_port is NULL
> 
>>> [ an unanticipated condition ]
> 
>>> Solution:
>>> if (sk->sk_prot->get_port && sk->sk_prot->get_port(sk, 0)) {
> 
>>>> From: Hannes Frederic Sowa <hannes@...essinduktion.org>
>>>> Date: Wed, 9 Dec 2015 15:31:32 +0100
> 
>>>> I fear your solution
>>>> just papers over the bug and will leave the port in a half initialized
>>>> state.
> 
> Use CVE-2015-8543 for the originally identified bug. We realize that,
> for example,
> http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/log/net/ipv4/af_inet.c
> has not yet been changed. If Linux kernel developers determine that
> multiple independent bugs result in situations where
> sk->sk_prot->get_port is NULL above, then it is possible that
> additional CVE IDs will be assigned later.

I have a fix in my queue and will push it to stable soon. Thanks again for
this report!

Bye,
Hannes
