Date: Mon, 19 Oct 2009 15:27:31 -0400 (EDT)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE request: kernel: AF_UNIX: Fix deadlock on
 connecting to shutdown socket

Please use CVE-2009-3621.

Thanks.

-- 
    JB


----- "Eugene Teo" <eugeneteo@...nel.sg> wrote:

> Quoting from the patch submitted:
> "...a deadlock bug in UNIX domain socket, which makes able to DoS
> attack against the local machine by non-root users.
> 
> ...
> Why this happens:
>   Error checks between unix_socket_connect() and unix_wait_for_peer() are
>   inconsistent. The former calls the latter to wait until the backlog is
>   processed. Despite the latter returns without doing anything when the
>   socket is shutdown, the former doesn't check the shutdown state and
>   just retries calling the latter forever."
> 
> How to reproduce:
>   1. Make a listening AF_UNIX/SOCK_STREAM socket with an abstract
>      namespace(*), and shutdown(2) it.
>   2. Repeat connect(2)ing to the listening socket from the other sockets
>      until the connection backlog is full-filled.
>   3. connect(2) takes the CPU forever. If every core is taken, the
>      system hangs.
> 
> Reproducer:
> http://patchwork.kernel.org/patch/54678/
> 
> You will need to add in the missing header files:
> #include <string.h>
> #include <stdio.h>
> #include <sys/un.h>
> #include <sys/types.h>
> #include <sys/socket.h>
> 
> Reference:
> https://bugzilla.redhat.com/show_bug.cgi?id=529626
> 
> Thanks, Eugene
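
The retry logic described in the quoted patch text, as a simplified user-space model added here; it is not the kernel source, the submitted patch, or the linked reproducer. The struct, the function names and the `max_retries` bound are assumptions of the model, and the bound exists only so the model stops where the quoted text says the real loop does not.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified user-space model; every name here is hypothetical. */
struct listener {
    bool shut_down;   /* shutdown(2) was called on the listening socket */
    int  queued;      /* connections waiting in the backlog */
    int  backlog;     /* backlog limit */
};

enum result { CONNECTED, REFUSED, SPIN_DETECTED };

static bool backlog_full(const struct listener *l)
{
    return l->queued >= l->backlog;
}

/* Wait helper: returns at once, without waiting, if the listener is shut down. */
static void wait_for_peer(struct listener *l)
{
    if (l->shut_down || !backlog_full(l))
        return;
    l->queued--;      /* model: the acceptor took one entry while we slept */
}

/* check_shutdown=false is the inconsistent caller, true the consistent one.
 * max_retries bounds the loop so the model stops where the real one would not. */
static enum result model_connect(struct listener *l, bool check_shutdown,
                                 int max_retries)
{
    for (int i = 0; i <= max_retries; i++) {
        if (check_shutdown && l->shut_down)
            return REFUSED;
        if (!backlog_full(l)) {
            l->queued++;
            return CONNECTED;
        }
        wait_for_peer(l);   /* backlog full: wait, then retry */
    }
    return SPIN_DETECTED;
}

int main(void)
{
    struct listener a = { true, 2, 2 }, b = { true, 2, 2 };
    printf("inconsistent: %d\n", model_connect(&a, false, 1000));
    printf("consistent:   %d\n", model_connect(&b, true, 1000));
    return 0;
}
```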
