Re: crypto: use-after-free in rng_recvmsg

From: Stephan Mueller
Date: Wed Dec 30 2015 - 15:54:19 EST

Next message: Dmitry Vyukov: "memory leak in lapb_create_cb"
Previous message: Mark Salyzyn: "rtc-palmas: correct for bcd year"
In reply to: Dmitry Vyukov: "crypto: use-after-free in rng_recvmsg"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Am Montag, 28. Dezember 2015, 14:48:48 schrieb Dmitry Vyukov:

Hi Dmitry,

> Hello,
>
> On commit a88164345b81292b55a8d4829fdd35c8d611cd7d (Dec 23)
> + crypto: algif_skcipher - Use new skcipher interface
> + crypto: algif_skcipher - Require setkey before accept(2)
>
> The following program triggers use-after-free in rng_recvmsg:

Thank you for the bug report.

After applying the patch from Herbert [1], I was not able to reproduce the
issue even after 1000 rounds of the test code. Considering the issue and the
patch from Herbert, I would consider the issue being fixed.

[1] http://www.mail-archive.com/linux-crypto@xxxxxxxxxxxxxxx/msg17450.html

Thank you.
--
Ciao
Stephan
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Dmitry Vyukov: "memory leak in lapb_create_cb"
Previous message: Mark Salyzyn: "rtc-palmas: correct for bcd year"
In reply to: Dmitry Vyukov: "crypto: use-after-free in rng_recvmsg"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]