On Wed, Dec 30, 2015 at 01:45:15PM +0100, Dmitry Vyukov wrote:
>
> This seems to be a zero-day. Should we CC sta...@vger.kernel.org ?
>
> Code in 03c8efc1ffeb6b82a22c1af8dd908af349563314 (Oct 19, 2010) contained:
>
> + sock_init_data(newsock, sk2);
> +
> + err = type->accept(ask->priv
On Wed, Dec 30, 2015 at 1:24 PM, Herbert Xu wrote:
> On Wed, Dec 30, 2015 at 11:58:58AM +0100, Dmitry Vyukov wrote:
>>
>> I forgot to diff include/crypto/if_alg.h, but the changes are there
>> (otherwise all references to refcnt would not compile). Also I moved
>> ask->refcnt checks to alg_setsock
On Wed, Dec 30, 2015 at 11:58:58AM +0100, Dmitry Vyukov wrote:
>
> I forgot to diff include/crypto/if_alg.h, but the changes are there
> (otherwise all references to refcnt would not compile). Also I moved
> ask->refcnt checks to alg_setsockopt to fix the deadlock, I believe
> that's the missing ch
On Wed, Dec 30, 2015 at 11:53 AM, Herbert Xu wrote:
> On Wed, Dec 30, 2015 at 11:19:45AM +0100, Dmitry Vyukov wrote:
>>
>> This use-after-free does not reproduce on every run. It seems to be
>> triggered by some race. Try to run the program in a parallel loop.
>> I use the stress tool for this:
>> htt
On Wed, Dec 30, 2015 at 11:19:45AM +0100, Dmitry Vyukov wrote:
>
> This use-after-free does not reproduce on every run. It seems to be
> triggered by some race. Try to run the program in a parallel loop.
> I use the stress tool for this:
> https://github.com/golang/tools/blob/master/cmd/stress/stress.g
On Wed, Dec 30, 2015 at 2:24 AM, Herbert Xu wrote:
> On Tue, Dec 29, 2015 at 09:19:22PM +0100, Dmitry Vyukov wrote:
>> Hello,
>>
>> On commit 8513342170278468bac126640a5d2d12ffbff106
>> + crypto: algif_skcipher - Use new skcipher interface
>> + crypto: algif_skcipher - Require setkey before accept
On Tue, Dec 29, 2015 at 09:19:22PM +0100, Dmitry Vyukov wrote:
> Hello,
>
> On commit 8513342170278468bac126640a5d2d12ffbff106
> + crypto: algif_skcipher - Use new skcipher interface
> + crypto: algif_skcipher - Require setkey before accept(2)
> + crypto: af_alg - Disallow bind/setkey/... after ac
Hello,
On commit 8513342170278468bac126640a5d2d12ffbff106
+ crypto: algif_skcipher - Use new skcipher interface
+ crypto: algif_skcipher - Require setkey before accept(2)
+ crypto: af_alg - Disallow bind/setkey/... after accept(2)
The following program causes a use-after-free in alg_bind and later