Re: [PATCH nf] netfilter: socket: icmp6: fix use-after-scope

On Fri, Sep 03, 2021 at 03:23:35PM +0200, Benjamin Hesmans wrote:
> Bug reported by KASAN:
> 
> BUG: KASAN: use-after-scope in inet6_ehashfn (net/ipv6/inet6_hashtables.c:40)
> Call Trace:
> (...)
> inet6_ehashfn (net/ipv6/inet6_hashtables.c:40)
> (...)
> nf_sk_lookup_slow_v6 (net/ipv6/netfilter/nf_socket_ipv6.c:91
> net/ipv6/netfilter/nf_socket_ipv6.c:146)
> 
> It seems that this bug has already been fixed by Eric Dumazet in the
> past in:
> commit 78296c97ca1f ("netfilter: xt_socket: fix a stack corruption bug")
> 
> But a variant of the same issue has been introduced in
> commit d64d80a2cde9 ("netfilter: x_tables: don't extract flow keys on early demuxed sks in socket match")
> 
> `daddr` and `saddr` potentially hold a reference to ipv6_var that is no
> longer in scope when the call to `nf_socket_get_sock_v6` is made.

Applied, thanks.
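The pattern the report describes, reduced to an added user-space illustration that is not the kernel's code: a header copy (`ipv6_var`) is declared in an inner block, the helper hands back pointers into that copy, and the socket lookup runs after the block has ended. The helper and lookup names here are hypothetical stand-ins for `extract_icmp6_fields()` and `nf_socket_get_sock_v6()`, and the packet is a constructed sample.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Minimal stand-ins for the kernel types; only the address fields matter here. */
struct in6_addr { uint8_t s6_addr[16]; };
struct ipv6hdr { uint8_t pad[8]; struct in6_addr saddr, daddr; };

/* Hypothetical stand-in for extract_icmp6_fields(): copies the inner IPv6
 * header out of the packet into *hdr and returns pointers INTO that copy,
 * which is exactly why the caller's buffer must outlive the lookup. */
static int extract_fields(const uint8_t *pkt, size_t len,
                          const struct in6_addr **saddr,
                          const struct in6_addr **daddr, struct ipv6hdr *hdr)
{
    if (len < sizeof(*hdr))
        return -1;
    memcpy(hdr, pkt, sizeof(*hdr));
    *saddr = &hdr->saddr;
    *daddr = &hdr->daddr;
    return 0;
}

/* Hypothetical stand-in for nf_socket_get_sock_v6(): derives a value from both
 * addresses so a stale pointer would visibly change the result. */
static int lookup_sock(const struct in6_addr *saddr, const struct in6_addr *daddr)
{
    return saddr->s6_addr[0] * 256 + daddr->s6_addr[0];
}

/* Buggy shape (what KASAN flagged): ipv6_var dies with the inner block, but
 * saddr/daddr still point into it when the lookup runs. Shown for contrast,
 * deliberately never called. */
int lookup_buggy(const uint8_t *pkt, size_t len)
{
    const struct in6_addr *saddr = NULL, *daddr = NULL;
    {
        struct ipv6hdr ipv6_var;
        if (extract_fields(pkt, len, &saddr, &daddr, &ipv6_var))
            return -1;
    }                              /* ipv6_var out of scope; pointers dangle */
    return lookup_sock(saddr, daddr); /* use-after-scope */
}

/* Fixed shape: the buffer lives in the same scope as everything that reads it. */
int lookup_fixed(const uint8_t *pkt, size_t len)
{
    struct ipv6hdr ipv6_var;
    const struct in6_addr *saddr = NULL, *daddr = NULL;
    if (extract_fields(pkt, len, &saddr, &daddr, &ipv6_var))
        return -1;
    return lookup_sock(saddr, daddr);
}

/* Constructed 40-byte sample: saddr begins with 0x20, daddr with 0x01. */
static const uint8_t sample_pkt[40] = { [8] = 0x20, [24] = 0x01 };
int demo_fixed(void) { return lookup_fixed(sample_pkt, sizeof sample_pkt); }
```

Building the buggy variant with `-fsanitize=address` (which enables use-after-scope detection) and calling it reproduces the class of report quoted above; the fixed variant returns the same value whether or not the sanitizer is enabled.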
