Subject: Re: Information leak in pptp_bind
From: Hannes Frederic Sowa
To: Dmitry Vyukov, Dmitry Kozlov, netdev@vger.kernel.org, LKML
Cc: syzkaller@googlegroups.com, Kostya Serebryany, Alexander Potapenko, Dmitry Vyukov, edumazet@google.com, Sasha Levin, keescook@google.com, jln@google.com
Date: Mon, 14 Dec 2015 23:44:53 +0100
Message-ID: <566F4665.6070800@stressinduktion.org>

On 14.12.2015 11:38, Dmitry Vyukov wrote:
> The following program leaks various uninit garbage including kernel
> addresses and whatever is on kernel stack, in particular defeating
> ASLR. The issue is in pptp_bind which does not verify sockaddr_len.

Thanks for the report! I will send out a patch soon.
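
The missing length check described in the quoted report, modeled in user space as an added example (not code from this thread or from the kernel). The names `demo_addr`, `bind_unchecked`, `bind_checked` and the `0xAA` stale-byte marker are hypothetical and constructed for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STALE 0xAA /* constructed marker standing in for leftover stack bytes */

/* Hypothetical protocol address; not the real sockaddr_pppox layout. */
struct demo_addr { uint16_t family; uint16_t call_id; uint32_t peer_ip; };

/* Before: copies len caller bytes into a larger stack buffer, then reads a
 * full demo_addr from it without checking that len covers the struct. */
static int bind_unchecked(const void *uaddr, size_t len, struct demo_addr *bound)
{
    uint8_t kbuf[128];

    if (len > sizeof(kbuf))
        return -EINVAL;
    memset(kbuf, STALE, sizeof(kbuf)); /* models uninitialized stack contents */
    memcpy(kbuf, uaddr, len);
    memcpy(bound, kbuf, sizeof(*bound)); /* bytes past len are stale */
    return 0;
}

/* After: a short address is rejected before any field is read. */
static int bind_checked(const void *uaddr, size_t len, struct demo_addr *bound)
{
    if (len < sizeof(struct demo_addr))
        return -EINVAL;
    return bind_unchecked(uaddr, len, bound);
}

/* Counts bytes of the bound address that never came from the caller. */
static size_t stale_bytes(const struct demo_addr *a)
{
    const uint8_t *p = (const uint8_t *)a;
    size_t i, n = 0;

    for (i = 0; i < sizeof(*a); i++)
        n += (p[i] == STALE);
    return n;
}

int main(void)
{
    struct demo_addr in = { 24, 1, 0x0100007f }, out; /* constructed input */

    if (bind_unchecked(&in, sizeof(in.family), &out) == 0)
        printf("unchecked: %zu stale bytes bound\n", stale_bytes(&out));
    printf("checked: %d\n", bind_checked(&in, sizeof(in.family), &out));
    return 0;
}
```

In the model, a caller that passes only the two-byte family field gets a bound address whose remaining bytes were never supplied by it; the checked variant refuses the call with `-EINVAL` instead.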