linux/tools/testing/selftests/net
Florian Westphal b0519de8b3 mptcp: fix use-after-free for ipv6
Turns out that when we accept a new subflow, the newly created
inet_sk(tcp_sk)->pinet6 points at the ipv6_pinfo structure of the
listener socket.

This wasn't caught by the selftest because it closes the accepted fd
before the listening one.

Adding a close(listenfd) after accept returns is enough:
 BUG: KASAN: use-after-free in inet6_getname+0x6ba/0x790
 Read of size 1 at addr ffff88810e310866 by task mptcp_connect/2518
 Call Trace:
  inet6_getname+0x6ba/0x790
  __sys_getpeername+0x10b/0x250
  __x64_sys_getpeername+0x6f/0xb0

Also alter the test program to exercise this.

Reported-by: Christoph Paasch <cpaasch@apple.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-02-06 11:25:09 +01:00
forwarding selftests: mlxsw: Add a TBF selftest 2020-01-25 10:56:31 +01:00
mptcp mptcp: fix use-after-free for ipv6 2020-02-06 11:25:09 +01:00
.gitignore selftests: net: Add FIN_ACK processing order related latency spike test 2020-02-02 13:33:21 -08:00
Makefile selftests: net: Add FIN_ACK processing order related latency spike test 2020-02-02 13:33:21 -08:00
altnames.sh
config
fcnal-test.sh
fib-onlink-tests.sh
fib_nexthop_multiprefix.sh
fib_nexthops.sh
fib_rule_tests.sh
fib_tests.sh
fin_ack_lat.c selftests: net: Add FIN_ACK processing order related latency spike test 2020-02-02 13:33:21 -08:00
fin_ack_lat.sh selftests: net: Add FIN_ACK processing order related latency spike test 2020-02-02 13:33:21 -08:00
icmp_redirect.sh
in_netns.sh
ip6_gre_headroom.sh
ip_defrag.c
ip_defrag.sh
ipv6_flowlabel.c
ipv6_flowlabel.sh
ipv6_flowlabel_mgr.c
l2tp.sh
msg_zerocopy.c
msg_zerocopy.sh
netdevice.sh
nettest.c
pmtu.sh
psock_fanout.c
psock_lib.h
psock_snd.c
psock_snd.sh
psock_tpacket.c
reuseaddr_conflict.c
reuseport_addr_any.c
reuseport_addr_any.sh
reuseport_bpf.c
reuseport_bpf_cpu.c
reuseport_bpf_numa.c
reuseport_dualstack.c
route_localnet.sh
rtnetlink.sh
run_afpackettests
run_netsocktests
so_txtime.c
so_txtime.sh
socket.c
tcp_fastopen_backup_key.c
tcp_fastopen_backup_key.sh
tcp_inq.c
tcp_mmap.c
test_blackhole_dev.sh
test_bpf.sh
test_vxlan_fdb_changelink.sh
test_vxlan_under_vrf.sh
tls.c
traceroute.sh
txring_overwrite.c
udpgro.sh
udpgro_bench.sh
udpgso.c
udpgso.sh
udpgso_bench.sh
udpgso_bench_rx.c
udpgso_bench_tx.c
xfrm_policy.sh