Date: Fri, 11 Dec 2015 18:47:35 +0100
From: Hannes Frederic Sowa <hannes@...essinduktion.org>
To: oss-security@...ts.openwall.com, guoyonggang@....cn
Cc: cve-assign@...re.org
Subject: Re: Re: CVE request - Android kernel - IPv6 connect
 cause a denial of service

Hello,

On 11.12.2015 17:41, cve-assign@...re.org wrote:
>> net/ipv4/af_inet.c
>> inet_autobind
> 
>> if (sk->sk_prot->get_port(sk, 0)) {
> 
>>> if the sk->sk_prot->get_port is NULL
> 
>>> [ an unanticipated condition ]
> 
>>> Solution:
>>> if (sk->sk_prot->get_port &&sk->sk_prot->get_port(sk, 0)) {
> 
>>>> From: Hannes Frederic Sowa <hannes@...essinduktion.org>
>>>> Date: Wed, 9 Dec 2015 15:31:32 +0100
> 
>>>> I fear your solution
>>>> just papers over the bug and will leave the port in a half initialized
>>>> state.
> 
> Use CVE-2015-8543 for the originally identified bug. We realize that,
> for example,
> http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/log/net/ipv4/af_inet.c
> has not yet been changed. If Linux kernel developers determine that
> multiple independent bugs result in situations where
> sk->sk_prot->get_port is NULL above, then it is possible that
> additional CVE IDs will be assigned later.

I have a fix in my queue and will push it to stable soon. Thanks again for
this report!

Bye,
Hannes
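
An added illustration, not part of the original message and not kernel source: a userspace C model of the `inet_autobind` condition quoted above, showing how the guarded call reports success while no port has been bound. The `model_` structures, the stub allocator and its port value are simplified assumptions.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins for the kernel structures (assumed layouts). */
struct model_sock;
struct model_proto {
    /* NULL models a protocol that registered no port allocator. */
    int (*get_port)(struct model_sock *sk, unsigned short snum);
};
struct model_sock {
    const struct model_proto *sk_prot;
    unsigned short inet_num;   /* bound local port, 0 = unbound */
    unsigned short inet_sport; /* source port (byte order ignored here) */
};

/* Stub allocator: binds a fixed, constructed port and reports success. */
static int model_get_port(struct model_sock *sk, unsigned short snum)
{
    (void)snum;
    sk->inet_num = 40000;
    return 0;
}

/* Autobind with the guarded condition proposed in the thread. */
static int autobind_guarded(struct model_sock *sk)
{
    if (!sk->inet_num) {
        if (sk->sk_prot->get_port && sk->sk_prot->get_port(sk, 0))
            return -11; /* models -EAGAIN */
        /* get_port == NULL short-circuits to here with inet_num still 0. */
        sk->inet_sport = sk->inet_num;
    }
    return 0;
}

/* Returns 1 when autobind reported success but left the socket unbound. */
static int half_initialized(const struct model_proto *prot)
{
    struct model_sock sk = { prot, 0, 0 };
    return autobind_guarded(&sk) == 0 && sk.inet_num == 0;
}

int main(void)
{
    const struct model_proto with_alloc = { model_get_port };
    const struct model_proto without_alloc = { NULL };
    printf("allocator present, half-initialized: %d\n", half_initialized(&with_alloc));
    printf("allocator NULL, half-initialized: %d\n", half_initialized(&without_alloc));
    return 0;
}
```

In this model the NULL case no longer dereferences a null pointer, but the caller is told the bind succeeded while `inet_num` is still 0.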
