Received: by 2002:a05:6a10:6744:0:0:0:0 with SMTP id w4csp5019902pxu; Tue, 13 Oct 2020 12:39:46 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwYs5XQTUc9rVjpDY/BT4ux6pfYEKZ99t3oSRir/PFWDn5Iv8hVUeJm9wQqpam7POw3mVfn X-Received: by 2002:a17:906:513:: with SMTP id j19mr1410965eja.129.1602617986254; Tue, 13 Oct 2020 12:39:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1602617986; cv=none; d=google.com; s=arc-20160816; b=Rx/xkiWpSxgZa2vDoDyMuAf9u7pgHaLWR/sBrFckqHKGfK9Wmoso+H83s0ZtSjB89w Xgb5/7ZXlqjOZ6zxkedjnYYWdI09B+/HOXuNrjEauv0qvfKJMctngR6lmgtCs251jG0z B4xZU4xpnDx2ZroBkxcewevF+NDxg+aYA9k9roHq7Ra+3Mkv4zCBml8HB9gai+HsOKV4 8vunBWrdthGoYs72hG3o4MiDIxmchgNaNt3AcyKdnPGEC+NH0s3pJ/I9OntHc4p9JzjZ U8tmUtEYDm+Gfo83GDuYbZA0UA+L1gPlgVOzT5zCIqfXME3rwbKNaCuXj/wJs1kIZE6b 147w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:mime-version:date:message-id :autocrypt:from:references:cc:to:dkim-signature:subject; bh=Aa9pyHjOcVbUByGQfquuzPxzq9f9clmIPBURVdjhxXc=; b=v4mN7f4OM0JlFYxZxUoWIUCTEOibdOUyoxJxi9iKHn1iCbXciVZt6rZcP1sT2LLejn CWxSPJO0lNYcon8hDePN7QqIJa55Vb5BB7gWNZLvS6xIQj3G/KZmN/at6HG0ReiEBPa5 UJ+bWQq5ByKIBL0fhcFVJddAhcJgcJJ21TI522o6WyonVTICBpgnzXbqtOGW2pnWnMx1 bBBrR+fpWR7P3Ukt7uYR/+XlAxztfeOIl1IwXaSB+DkHCT4ysBRT32jjta8I/XB8hRfZ z+hTCIdQOa0Z1ZDC45dnK68P5SOEWbXLNhrkrjVZ2IXkNele2aj0+pvN7qEIK2AYkLJ0 oLYA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@systemli.org header.s=default header.b=6IHpWSmB; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=systemli.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id c17si484976ejr.574.2020.10.13.12.39.22; Tue, 13 Oct 2020 12:39:46 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@systemli.org header.s=default header.b=6IHpWSmB; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=systemli.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728803AbgJMS74 (ORCPT + 99 others); Tue, 13 Oct 2020 14:59:56 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49548 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727733AbgJMS74 (ORCPT ); Tue, 13 Oct 2020 14:59:56 -0400 X-Greylist: delayed 63 seconds by postgrey-1.37 at lindbergh.monkeyblade.net; Tue, 13 Oct 2020 11:59:55 PDT Received: from mail1.systemli.org (mail1.systemli.org [IPv6:2001:678:a40:7000:2::14]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A6E28C0613D0; Tue, 13 Oct 2020 11:59:55 -0700 (PDT) Subject: Re: [PATCH 2/2] Revert "dccp: don't free ccid2_hc_tx_sock struct in dccp_disconnect()" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=systemli.org; s=default; t=1602615592; bh=Aa9pyHjOcVbUByGQfquuzPxzq9f9clmIPBURVdjhxXc=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=6IHpWSmB8zoYG6asQFqI8pGauKxsUSqDu54yoOvi2XetGybBYXP9qOyhSM/eX99qw KDfiHCuIco4JN2p2GOlyy0L0gEbI2QbgjHAHPiW/RbrZqCIie8WLvl8lG/ttNki/4W a1xlVs+sGxTprEXOkSFVo3M9RWePNPZ+qZPdyBE3zFs5uBvbhUSlf+jphwhS5GbXYv GY7xBc54ZHolUrMUonOhiDCWTVHZ9K6WavbdCrvbdX50aEPWmpqfO13nHeF4QcUiok IBlnGdXj6TvoiSZRB76SOqEhM8I7V/tutv4vQ9DOSPbiJoznk30mcSK89D3lHAgqc8 MRHB9+9kLA0Eg== To: Kleber Sacilotto de Souza , netdev@vger.kernel.org Cc: Gerrit Renker , "David S. Miller" , Jakub Kicinski , Thadeu Lima de Souza Cascardo , "Gustavo A. R. Silva" , "Alexander A. Klimov" , Kees Cook , Eric Dumazet , Alexey Kodanev , dccp@vger.kernel.org, linux-kernel@vger.kernel.org References: <20201013171849.236025-1-kleber.souza@canonical.com> <20201013171849.236025-3-kleber.souza@canonical.com> From: Richard Sailer Autocrypt: addr=richard_siegfried@systemli.org; prefer-encrypt=mutual; keydata= mQENBE3hr2UBCACos1E12camcYIlpe25jaqwu+ATrfuFcCIPsLmff7whzxClsaC78lsxQ3jD 4MIlOpkIBWJvc4sziai1P/CrafvM0DTuUasCv+mQpup6cFMWy1JmDtJ8X0Ccy/PH83e9Yjnv xJu0NhoQAqMZrVmXx4Q7DKcgpvkk9Oyd5u6ocfdb2GhF0Bxa7GySZyYOc4rQvduRLOdNMbnS 6SM+cTAhMOHtoqKWCP4EogXKALg6LDFcx8yUoMzLRy/YXsnWa1/WayG8Zr6kX84VKhTGUrdG Pw4Zg1cQ6vqwMZ4RwaR/9RWK2WnYr7XyOTDBgmCix5c5lu+GeLqUYUIPTvdQ7Xgwx0UhABEB AAG0OVJpY2hhcmQgU2llZ2ZyaWVkIFNhaWxlciA8cmljaGFyZF9zaWVnZnJpZWRAc3lzdGVt bGkub3JnPokBVwQTAQgAQQIbIwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAIZARYhBAYAIbmK zp5fVAuyN/ZBOcwFm+HhBQJanueLBQkSYNKmAAoJEPZBOcwFm+Hh+ugH/2P0yClrZkkMK5y2 L389qNPlF8i1H77S4NE9zxiHI38jnIFLqjD4F+KzGAXNmOXCw+QYqLL+TmsuGY+5LOLtp/M4 lG6ajVC1JCcF2+bQrDc11g7AG7A+rySX5JpqSFO7ARfLTs3iW1DoyLN7lBUtL9dV+yx9mRUv fx/TcB9ItPhK4rtJuWy3yg6SNBZzkgc0zsCyIkJ4dEtdEW6IgW6Qk242kMVya8fytM02EwEM vBTdca/duCO2tEComPeF+8WExM+BfQ+6o3kpqRsOR6Ek6wDsnalFHy8NHaicbEy7qjybGOKZ IdvzAyAhsmpu+5ltOfQWViNBseqRk1H9ikuTKTq5AQ0ETeGvZQEIANRmPSJX9qVU+Hi74uvD /LYC3wPm5kCAS0Q5jT3AC5cisu8z92b/Bt8DRKwwpu4esZisQu3RSFvnmkrllkuokSAVKxXo bZG2yTq+qecrvKtVH99lA0leiy5TdcJdmhJvkcQv7kvIgKYdXSW1BAhUbtX827IGAW1LCvJL gKqox3Ftxpi5pf/gVh7NFXU/7n6Nr3NGi5havoReeIy8iVKGFjyCFN67vlyzaTV6yTUIdrko StTJJ8c7ECjJSkCW34lj8mR0y9qCRK5gIZURf3jjMQBDuDvHO0XQ4mog6/oOov4vJRyNMhWT 2b0LG5CFJeOQTQVgfaT1MckluRBvYMZAOmkAEQEAAYkBPAQYAQIAJgIbDBYhBAYAIbmKzp5f VAuyN/ZBOcwFm+HhBQJanueQBQkSYNKrAAoJEPZBOcwFm+HhrCAH/2doMkTKWrIzKmBidxOR +hvqJfBB4GvoHBsQoqWj85DtgvE5jKc11FYzSDzQjmMKIIBwaOjjrQ8QyXm2CYJlx7/GiEJc F3QNa5q3GBgiyZ0h78b2Lbu/sBhaCFSXHfnriRGvIXqsxyPMllqb+LBRy56ed97OQBQX8nFI umdUMtt8EFK2SM0KYY1V0COcYqGHMRUiVosTV1aVwoLm2SXsB9jicPUaQbRgsPfglTn00wnl fhJ8bAO800MtG+LW6pzP+6EZPvnHhKBS7Xbl6bn6r2OW32T7TeFg0RJbpE/MW1gY0NjgmtWj vdhuvK9nHCRL2O/xLofm9aoELUaXGHoxMn4= Message-ID: Date: Tue, 13 Oct 2020 20:59:50 +0200 MIME-Version: 1.0 In-Reply-To: <20201013171849.236025-3-kleber.souza@canonical.com> Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="J1wNxwe2U3hUL6xUfMbG23kWMkDthUjal" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --J1wNxwe2U3hUL6xUfMbG23kWMkDthUjal Content-Type: multipart/mixed; boundary="WxePmLM0IhiWSQnQjcpdYpcvAqMuNppWd"; protected-headers="v1" From: Richard Sailer To: Kleber Sacilotto de Souza , netdev@vger.kernel.org Cc: Gerrit Renker , "David S. Miller" , Jakub Kicinski , Thadeu Lima de Souza Cascardo , "Gustavo A. R. Silva" , "Alexander A. Klimov" , Kees Cook , Eric Dumazet , Alexey Kodanev , dccp@vger.kernel.org, linux-kernel@vger.kernel.org Message-ID: Subject: Re: [PATCH 2/2] Revert "dccp: don't free ccid2_hc_tx_sock struct in dccp_disconnect()" References: <20201013171849.236025-1-kleber.souza@canonical.com> <20201013171849.236025-3-kleber.souza@canonical.com> In-Reply-To: <20201013171849.236025-3-kleber.souza@canonical.com> --WxePmLM0IhiWSQnQjcpdYpcvAqMuNppWd Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 13/10/2020 19:18, Kleber Sacilotto de Souza wrote: > rom: Thadeu Lima de Souza Cascardo >=20 > This reverts commit 2677d20677314101293e6da0094ede7b5526d2b1. >=20 > This fixes an issue that after disconnect, dccps_hc_tx_ccid will still = be > kept, allowing the socket to be reused as a listener socket, and the cl= oned > socket will free its dccps_hc_tx_ccid, leading to a later use after fre= e, > when the listener socket is closed. >=20 > This addresses CVE-2020-16119. >=20 > Fixes: 2677d2067731 (dccp: don't free ccid2_hc_tx_sock struct in dccp_d= isconnect()) > Reported-by: Hadar Manor > Signed-off-by: Thadeu Lima de Souza Cascardo > Signed-off-by: Kleber Sacilotto de Souza > --- Acked-by: Richard Sailer --WxePmLM0IhiWSQnQjcpdYpcvAqMuNppWd-- --J1wNxwe2U3hUL6xUfMbG23kWMkDthUjal Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEBgAhuYrOnl9UC7I39kE5zAWb4eEFAl+F+ScACgkQ9kE5zAWb 4eH6sQf/Tqw4Q9r0PAI1c+stYzlcCikkYpFE33vnoG+SbiIQCBhB83rs/BxTNmxO mKRJpzTswAQsqrnGRCrFGcazAUJKWqhAxC6N+g0nZCDZuSVfSAAh5e6ayHP4HLJw SW0daEUNYkdGvYkl5Dhom35pjziR+m1RTWE2EXesA4vMpOG+WBsNyzZ1tmDDb/Ad nYQNfRZOZjXpFWwGg4yVl9q0kddB5RYxkYXHH1gRsMK8uvJRjGXmaj/XdNlcdyLQ BfwUINi94v9arFQZwnjtiKDTkpN5YaD4GLPT+ffQLcBc6P6ixa6CcCCG0khkjLu5 dfBZ8s+blxKb/APl8JUsI6Ud9YMLVw== =+HsJ -----END PGP SIGNATURE----- --J1wNxwe2U3hUL6xUfMbG23kWMkDthUjal--