Message ID | D95F1297-95A1-4AC9-B0C2-803C453B1BAE@psu.edu (mailing list archive) |
---|---|
State | Superseded |
Delegated to: | Netdev Maintainers |
Headers | From: "Lin, Zhenpeng" <zplin@psu.edu>; CC: dccp@vger.kernel.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, davem@davemloft.net, kuba@kernel.org, alexey.kodanev@oracle.com; Date: Tue, 7 Sep 2021 18:28:28 +0000; Subject: [PATCH] dccp: don't duplicate ccid when cloning dccp sock; List-ID: <netdev.vger.kernel.org> |
Series | dccp: don't duplicate ccid when cloning dccp sock |
Context | Check | Description |
---|---|---|
netdev/tree_selection | success | Guessing tree name failed - patch did not apply |
diff --git a/net/dccp/minisocks.c b/net/dccp/minisocks.c index c5c74a34d139..91e7a2202697 100644 --- a/net/dccp/minisocks.c +++ b/net/dccp/minisocks.c @@ -94,6 +94,8 @@ struct sock *dccp_create_openreq_child(const struct sock *sk, newdp->dccps_role = DCCP_ROLE_SERVER; newdp->dccps_hc_rx_ackvec = NULL; newdp->dccps_service_list = NULL; + newdp->dccps_hc_rx_ccid = NULL; + newdp->dccps_hc_tx_ccid = NULL; newdp->dccps_service = dreq->dreq_service; newdp->dccps_timestamp_echo = dreq->dreq_timestamp_echo; newdp->dccps_timestamp_time = dreq->dreq_timestamp_time;
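Review bot: The two added assignments in dccp_create_openreq_child() clear both dccps_hc_rx_ccid and dccps_hc_tx_ccid, but the commit message only describes the double free through dccps_hc_tx_ccid. Please state in the message that the rx pointer is shared by the clone in the same way, and add a one-line comment above the new lines saying that the child must not inherit the parent sk's ccid pointers. The hunk does not show where the child gets its own ccids, so confirm that nothing reached between these assignments and that setup dereferences either pointer without a NULL check. The tree_selection check reports that the patch did not apply, so a resend against the current tree is needed. The Fixes: tag uses a 15-digit hash while the body cites the same commit with 12 digits; use the 12-digit form in both places.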
Commit 2677d2067731 ("dccp: don't free ccid2_hc_tx_sock ...") fixed a UAF but reintroduced CVE-2017-6074.

When the sock is cloned, two dccps_hc_tx_ccid will reference the same ccid. So one can free the ccid object twice from two socks after cloning.

This issue was found by "Hadar Manor" as well and assigned CVE-2020-16119, which was fixed in Ubuntu's kernel. So here I port the patch from Ubuntu to fix it.

The patch prevents cloned socks from referencing the same ccid.

Fixes: 2677d2067731410 ("dccp: don't free ccid2_hc_tx_sock ...")

Signed-off-by: Zhenpeng Lin <zplin@psu.edu>

---

net/dccp/minisocks.c | 2 ++

1 file changed, 2 insertions(+)

--

2.25.1
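The ownership problem described in the commit message, as an added user-space model that is not part of the patch or of the kernel: a cloned sock inherits the parent's ccid pointers, so tearing down both socks releases each ccid twice unless the clone's pointers are cleared. All `model_*` names are hypothetical, the clone is assumed to be a plain byte copy, and releases are counted instead of calling `free()` so the model is safe to run.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model; names are hypothetical stand-ins, not kernel code. */
struct model_ccid {
    int release_count;              /* how many times a destructor released it */
};

struct model_sock {
    struct model_ccid *hc_rx_ccid;  /* stands in for dccps_hc_rx_ccid */
    struct model_ccid *hc_tx_ccid;  /* stands in for dccps_hc_tx_ccid */
};

/* Teardown: release every ccid this sock still points to. */
static void model_sock_destroy(struct model_sock *sk)
{
    if (sk->hc_rx_ccid) {
        sk->hc_rx_ccid->release_count++;
        sk->hc_rx_ccid = NULL;
    }
    if (sk->hc_tx_ccid) {
        sk->hc_tx_ccid->release_count++;
        sk->hc_tx_ccid = NULL;
    }
}

/* Clone by byte copy (assumption); clear_ccids != 0 applies the patch's two assignments. */
static void model_clone(struct model_sock *child,
                        const struct model_sock *parent, int clear_ccids)
{
    memcpy(child, parent, sizeof(*child));
    if (clear_ccids) {
        child->hc_rx_ccid = NULL;
        child->hc_tx_ccid = NULL;
    }
}

/* Highest release count on either ccid after child and parent are both torn down. */
int max_releases_after_teardown(int clear_ccids)
{
    struct model_ccid rx = { 0 }, tx = { 0 };
    struct model_sock parent = { &rx, &tx }, child;

    model_clone(&child, &parent, clear_ccids);
    model_sock_destroy(&child);
    model_sock_destroy(&parent);
    return rx.release_count > tx.release_count ? rx.release_count : tx.release_count;
}

int main(void)
{
    printf("pointers inherited by clone: %d releases per ccid\n", max_releases_after_teardown(0));
    printf("pointers cleared in clone:   %d release per ccid\n", max_releases_after_teardown(1));
    return 0;
}
```

A release count above 1 is the double free; with the clone's pointers cleared, each ccid is released exactly once, by the sock that owns it.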