|
Message-ID: <56683B44.1070305@stressinduktion.org> Date: Wed, 9 Dec 2015 15:31:32 +0100 From: Hannes Frederic Sowa <hannes@...essinduktion.org> To: oss-security@...ts.openwall.com Subject: Re: CVE request - Android kernel - IPv6 connect cause a denial of service Hello, On 09.12.2015 11:15, 郭永刚 wrote: > > Analysis of causes: > In the file net/ipv4/af_inet.c , It will cause pc is 0x0 , if the sk->sk_prot->get_port is NULL. > static int inet_autobind(struct sock *sk) > { > struct inet_sock *inet; > /* We may need to bind the socket. */ > lock_sock(sk); > inet = inet_sk(sk); > if (!inet->inet_num) { > if (sk->sk_prot->get_port(sk, 0)) { > release_sock(sk); > return -EAGAIN; > } > inet->inet_sport = htons(inet->inet_num); > } > release_sock(sk); > return 0; > } > > Solution: > > Add check as follow: > if (sk->sk_prot->get_port &&sk->sk_prot->get_port(sk, 0)) { > release_sock(sk); > return -EAGAIN; > } > Thanks for the report, I will look into that. But I fear your solution just papers over the bug and will leave the port in a half initialized state. Bye, Hannes
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.