oss-sec mailing list archives
Re: CVE request - Android kernel - IPv6 connect cause a denial of service
From: Hannes Frederic Sowa <hannes () stressinduktion org>
Date: Wed, 9 Dec 2015 15:31:32 +0100
Hello, On 09.12.2015 11:15, 郭永刚 wrote:
Analysis of causes:
In the file net/ipv4/af_inet.c , It will cause pc is 0x0 , if the sk->sk_prot->get_port is NULL.
static int inet_autobind(struct sock *sk)
{
struct inet_sock *inet;
/* We may need to bind the socket. */
lock_sock(sk);
inet = inet_sk(sk);
if (!inet->inet_num) {
if (sk->sk_prot->get_port(sk, 0)) {
release_sock(sk);
return -EAGAIN;
}
inet->inet_sport = htons(inet->inet_num);
}
release_sock(sk);
return 0;
}
Solution:
Add check as follow:
if (sk->sk_prot->get_port &&sk->sk_prot->get_port(sk, 0)) {
release_sock(sk);
return -EAGAIN;
}
Thanks for the report, I will look into that. But I fear your solution just papers over the bug and will leave the port in a half initialized state. Bye, Hannes
Current thread:
- CVE request - Android kernel - IPv6 connect cause a denial of service 郭永刚 (Dec 09)
- Re: CVE request - Android kernel - IPv6 connect cause a denial of service Hannes Frederic Sowa (Dec 09)
- Re: CVE request - Android kernel - IPv6 connect cause a denial of service Robert Święcki (Dec 09)
- Re: CVE request - Android kernel - IPv6 connect cause a denial of service cve-assign (Dec 11)
- Re: Re: CVE request - Android kernel - IPv6 connect cause a denial of service Hannes Frederic Sowa (Dec 11)
- Re: Re: CVE request - Android kernel - IPv6 connect cause a denial of service Hannes Frederic Sowa (Dec 14)
- Re: Re: CVE request - Android kernel - IPv6 connect cause a denial of service Robert Święcki (Dec 14)
- Re: Re: CVE request - Android kernel - IPv6 connect cause a denial of service Hannes Frederic Sowa (Dec 14)