oss-sec mailing list archives
Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[]
From: Dan Rosenberg <dan.j.rosenberg () gmail com>
Date: Mon, 25 Feb 2013 14:21:46 -0500
On 02/25/2013 02:18 PM, Mathias Krause wrote:
On Mon, Feb 25, 2013 at 8:07 PM, Dan Rosenberg <dan.j.rosenberg () gmail com> wrote:On 02/25/2013 01:59 PM, Mathias Krause wrote:On Mon, Feb 25, 2013 at 7:53 PM, Dan Rosenberg <dan.j.rosenberg () gmail com> wrote:On 02/25/2013 01:45 PM, Mathias Krause wrote:Did you even try to run the exploit on a v3.2 kernel? Or even more simple, looked at the code of a v3.2 kernel? There is no sock_diag anywhere in the kernel; there is only inet_diag. And inet_diag hadn't and still does not have the out-of-bounds access issue. So no, this bug is non-existent on a v3.2 kernel. Thanks, MathiasThe bug was introduced with this commit: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=d366477a52f1df29fa066ffb18e4e6101ee2ad04 This commit took place during kernel version 3.2.0-rc4, so yes, it does seem to affect 3.2 kernels.$ git describe --contains d366477a52f1df29fa066ffb18e4e6101ee2ad04 v3.3-rc1~182^2~326 Is git lying to me or what? Cheers, MathiasApparently so. Linux 3.3-rc1 was released on January 19, 2012, while the patch to introduce sock_diag was applied December 6, 2011.Dude, have you even *tried* to confirm what you're claiming? $ git grep sock_diag_handler v3.2 | wc -l 0 $ git checkout v3.2; grep -rw sock_diag_handler . | wc -l 0 So either my git tree is horribly broken or your arguments are. Ever heard of net-next.git -- containing commits that should end up in the *next* version of Linux? Cheers, Mathias
Relax, no need to get so worked up. ;-) Of course you're right, my head wasn't working. Sorry for the noise. Regards, Dan
Current thread:
- Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[], (continued)
- Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Solar Designer (Feb 25)
- Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Mathias Krause (Feb 25)
- Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Mathias Krause (Feb 25)
- Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Solar Designer (Feb 25)
- Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Mathias Krause (Feb 25)
- Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Dan Rosenberg (Feb 25)
- Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Mathias Krause (Feb 25)
- Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Dan Rosenberg (Feb 25)
- Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Mathias Krause (Feb 25)
- Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Jason A. Donenfeld (Feb 25)
- Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Dan Rosenberg (Feb 25)
- Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Mathias Krause (Feb 25)
- Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Solar Designer (Feb 25)
- Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Solar Designer (Feb 25)
- Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Solar Designer (Feb 25)