Re: [PATCH net] net/dccp: fix use-after-free in dccp_invalid_packet

2016-11-29 Thread David Miller
From: Eric Dumazet Date: Mon, 28 Nov 2016 06:26:49 -0800 > From: Eric Dumazet > > pskb_may_pull() can reallocate skb->head, we need to reload dh pointer > in dccp_invalid_packet() or risk use after free. > > Bug found by Andrey Konovalov using syzkaller. > > Signed-off-by: Eric Dumazet > Rep

Re: [PATCH net] net/dccp: fix use-after-free in dccp_invalid_packet

2016-11-28 Thread Arnaldo Carvalho de Melo
On Mon, Nov 28, 2016 at 07:20:58AM -0800, Eric Dumazet wrote: > On Mon, 2016-11-28 at 12:05 -0300, Arnaldo Carvalho de Melo wrote: > > On Mon, Nov 28, 2016 at 06:47:14AM -0800, Eric Dumazet wrote: > > > On Mon, 2016-11-28 at 11:40 -0300, Arnaldo Carvalho de Melo wrote: > > > > On Mon, Nov 28,

Re: [PATCH net] net/dccp: fix use-after-free in dccp_invalid_packet

2016-11-28 Thread Eric Dumazet
On Mon, 2016-11-28 at 12:05 -0300, Arnaldo Carvalho de Melo wrote: > On Mon, Nov 28, 2016 at 06:47:14AM -0800, Eric Dumazet wrote: > > On Mon, 2016-11-28 at 11:40 -0300, Arnaldo Carvalho de Melo wrote: > > > On Mon, Nov 28, 2016 at 06:26:49AM -0800, Eric Dumazet wrote: > > > > From: Eric Duma

Re: [PATCH net] net/dccp: fix use-after-free in dccp_invalid_packet

2016-11-28 Thread Arnaldo Carvalho de Melo
On Mon, Nov 28, 2016 at 06:47:14AM -0800, Eric Dumazet wrote: > On Mon, 2016-11-28 at 11:40 -0300, Arnaldo Carvalho de Melo wrote: > > On Mon, Nov 28, 2016 at 06:26:49AM -0800, Eric Dumazet wrote: > > > From: Eric Dumazet > > > > > > pskb_may_pull() can reallocate skb->head, we need to relo

Re: [PATCH net] net/dccp: fix use-after-free in dccp_invalid_packet

2016-11-28 Thread Eric Dumazet
On Mon, 2016-11-28 at 11:40 -0300, Arnaldo Carvalho de Melo wrote: > On Mon, Nov 28, 2016 at 06:26:49AM -0800, Eric Dumazet wrote: > > From: Eric Dumazet > > > > pskb_may_pull() can reallocate skb->head, we need to reload dh pointer > > in dccp_invalid_packet() or risk use after free. > > > >

Re: [PATCH net] net/dccp: fix use-after-free in dccp_invalid_packet

2016-11-28 Thread Arnaldo Carvalho de Melo
On Mon, Nov 28, 2016 at 06:26:49AM -0800, Eric Dumazet wrote: > From: Eric Dumazet > > pskb_may_pull() can reallocate skb->head, we need to reload dh pointer > in dccp_invalid_packet() or risk use after free. > > Bug found by Andrey Konovalov using syzkaller. > > Signed-off-by: Eric Dumazet

[PATCH net] net/dccp: fix use-after-free in dccp_invalid_packet

2016-11-28 Thread Eric Dumazet
From: Eric Dumazet pskb_may_pull() can reallocate skb->head, we need to reload dh pointer in dccp_invalid_packet() or risk use after free. Bug found by Andrey Konovalov using syzkaller. Signed-off-by: Eric Dumazet Reported-by: Andrey Konovalov --- net/dccp/ipv4.c | 12 +++- 1 file