oss-sec mailing list archives
Re: CVE request - Android kernel - IPv6 connect cause a denial of service
From: Hannes Frederic Sowa <hannes () stressinduktion org>
Date: Wed, 9 Dec 2015 15:31:32 +0100
Hello, On 09.12.2015 11:15, 郭永刚 wrote:
Analysis of causes: In the file net/ipv4/af_inet.c , It will cause pc is 0x0 , if the sk->sk_prot->get_port is NULL. static int inet_autobind(struct sock *sk) { struct inet_sock *inet; /* We may need to bind the socket. */ lock_sock(sk); inet = inet_sk(sk); if (!inet->inet_num) { if (sk->sk_prot->get_port(sk, 0)) { release_sock(sk); return -EAGAIN; } inet->inet_sport = htons(inet->inet_num); } release_sock(sk); return 0; } Solution: Add check as follow: if (sk->sk_prot->get_port &&sk->sk_prot->get_port(sk, 0)) { release_sock(sk); return -EAGAIN; }
Thanks for the report, I will look into that. But I fear your solution just papers over the bug and will leave the port in a half initialized state. Bye, Hannes
Current thread:
- CVE request - Android kernel - IPv6 connect cause a denial of service 郭永刚 (Dec 09)
- Re: CVE request - Android kernel - IPv6 connect cause a denial of service Hannes Frederic Sowa (Dec 09)
- Re: CVE request - Android kernel - IPv6 connect cause a denial of service Robert Święcki (Dec 09)
- Re: CVE request - Android kernel - IPv6 connect cause a denial of service cve-assign (Dec 11)
- Re: Re: CVE request - Android kernel - IPv6 connect cause a denial of service Hannes Frederic Sowa (Dec 11)
- Re: Re: CVE request - Android kernel - IPv6 connect cause a denial of service Hannes Frederic Sowa (Dec 14)
- Re: Re: CVE request - Android kernel - IPv6 connect cause a denial of service Robert Święcki (Dec 14)
- Re: Re: CVE request - Android kernel - IPv6 connect cause a denial of service Hannes Frederic Sowa (Dec 14)