summaryrefslogtreecommitdiff
path: root/MAINTAINERS
diff options
context:
space:
mode:
authorHannes Frederic Sowa <hannes@stressinduktion.org>2016-01-22 03:39:43 +0300
committerDavid S. Miller <davem@davemloft.net>2016-01-25 09:18:26 +0300
commit9a368aff9cb370298fa02feeffa861f2db497c18 (patch)
tree87d702049504d914d40c61d91c89bcd5dd1cebf8 /MAINTAINERS
parentb5d7a06906a4875524f5c61c0b312828bf6737de (diff)
downloadlinux-9a368aff9cb370298fa02feeffa861f2db497c18.tar.xz
pptp: fix illegal memory access caused by multiple bind()s
Several times already this has been reported as kasan reports caused by syzkaller and trinity and people always looked at RCU races, but it is much more simple. :) In case we bind a pptp socket multiple times, we simply add it to the callid_sock list but don't remove the old binding. Thus the old socket stays in the bucket with unused call_id indexes and doesn't get cleaned up. This causes various forms of kasan reports which were hard to pinpoint. Simply don't allow multiple binds and correct error handling in pptp_bind. Also keep sk_state bits in place in pptp_connect. Fixes: 00959ade36acad ("PPTP: PPP over IPv4 (Point-to-Point Tunneling Protocol)") Cc: Dmitry Kozlov <xeb@mail.ru> Cc: Sasha Levin <sasha.levin@oracle.com> Cc: Dmitry Vyukov <dvyukov@google.com> Reported-by: Dmitry Vyukov <dvyukov@google.com> Cc: Dave Jones <davej@codemonkey.org.uk> Reported-by: Dave Jones <davej@codemonkey.org.uk> Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'MAINTAINERS')
0 files changed, 0 insertions, 0 deletions