Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 9 Dec 2015 15:31:32 +0100
From: Hannes Frederic Sowa <hannes@...essinduktion.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request - Android kernel - IPv6 connect cause
 a denial of service

Hello,

On 09.12.2015 11:15, 郭永刚 wrote:
> 
> Analysis of causes:
> In the file net/ipv4/af_inet.c , It will cause pc is 0x0  , if the sk->sk_prot->get_port is NULL.
> static int inet_autobind(struct sock *sk)
> {
>          struct inet_sock *inet;
>          /* We may need to bind the socket. */
>          lock_sock(sk);
>          inet = inet_sk(sk);
>          if (!inet->inet_num) {
>                    if (sk->sk_prot->get_port(sk, 0)) {
>                             release_sock(sk);
>                             return -EAGAIN;
>                    }
>                    inet->inet_sport = htons(inet->inet_num);
>          }
>          release_sock(sk);
>          return 0;
> }
> 
> Solution:
> 
>          Add check as follow:
>                   if (sk->sk_prot->get_port &&sk->sk_prot->get_port(sk, 0)) {
>                             release_sock(sk);
>                             return -EAGAIN;
>                    }
> 

Thanks for the report, I will look into that. But I fear your solution
just papers over the bug and will leave the port in a half initialized
state.

Bye,
Hannes

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.