netdev.vger.kernel.org archive mirror
From: Alexander Aring <aar@pengutronix.de>
To: Vegard Nossum <vegard.nossum@oracle.com>
Cc: linux-wpan@vger.kernel.org, netdev@vger.kernel.org,
	Lennert Buytenhek <buytenh@wantstofly.org>,
	Alexander Aring <alex.aring@gmail.com>,
	Marcel Holtmann <marcel@holtmann.org>,
	Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>,
	Sergey Lapin <slapin@ossfans.org>
Subject: Re: [PATCH] ieee802154: check device type
Date: Sat, 23 Jul 2016 14:21:46 +0200
Message-ID: <6daeeb69-fc93-24b3-8218-bc483df65b45@pengutronix.de>
In-Reply-To: <1469004191-30920-1-git-send-email-vegard.nossum@oracle.com>


Hi,

On 07/20/2016 10:43 AM, Vegard Nossum wrote:
> I've observed a NULL pointer dereference in ieee802154_del_iface() during
> netlink fuzzing. It's the ->wpan_phy dereference here:
> 
>         phy = dev->ieee802154_ptr->wpan_phy;
> 
> My bet is that we're not checking that this is an IEEE802154 interface,
> so let's do what ieee802154_nl_get_dev() is doing. (Maybe we should even
> be calling this directly?)
> 
> Cc: Lennert Buytenhek <buytenh@wantstofly.org>
> Cc: Alexander Aring <alex.aring@gmail.com>
> Cc: Marcel Holtmann <marcel@holtmann.org>
> Cc: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
> Cc: Sergey Lapin <slapin@ossfans.org>
> Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>

Acked-by: Alexander Aring <aar@pengutronix.de>

thanks for letting us know that this bug exists.

Unfortunately I don't care much about this code. This code is part of the
old UAPI for the 802.15.4 subsystem and there are many known bugs.

Nevertheless I added my ack here and would like Marcel to apply this
patch to his bluetooth tree repository.

The new netlink API has existed since 3.19 and it is highly recommended
not to use the old stuff. The ieee802154 subsystem never got out of the
experimental state; there was a patch [0] which globally removed the
experimental Kconfig entry, but no maintainer ever said that this branch
isn't in the experimental state anymore.

I will prepare an RFC series to remove all deprecated handling which we
have replacements for; these are:

 - old netlink api
 - af_802154 raw sockets, will be replaced by AF_PACKET RAW

- Alex

[0] https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/net/ieee802154/Kconfig?id=f4671a90c418b5aae14b61a9fc9d79c629403ca0
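
The crash and the device-type check described in the quoted commit message,
as an added example that is not part of this thread and not kernel code: a
userspace mock of the shape of the bug, with the unchecked dereference next
to the hardened form. The struct layouts, the sample devices (wpan0, eth0),
the helper names del_iface_unchecked/del_iface_checked/try_del_iface and the
choice of -EINVAL as the error for a wrong device type are this example's
assumptions; only the field names net_device.type / ieee802154_ptr and the
ARPHRD_* constants mirror the kernel.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/*
 * Added example, not kernel code: a userspace mock of the bug described in
 * the patch. Struct layouts, helper names and the -EINVAL return value are
 * assumptions for illustration; the field names net_device.type and
 * net_device.ieee802154_ptr and the ARPHRD_* values mirror the kernel.
 */

#define ARPHRD_ETHER        1    /* from <linux/if_arp.h> */
#define ARPHRD_IEEE802154   804  /* from <linux/if_arp.h> */

struct wpan_phy { const char *name; };
struct wpan_dev { struct wpan_phy *wpan_phy; };

struct net_device {
    const char *name;
    unsigned short type;             /* ARPHRD_* hardware type */
    struct wpan_dev *ieee802154_ptr; /* set only by 802.15.4 drivers, else NULL */
};

/*
 * Vulnerable shape: trusts that whatever netdev the netlink request named
 * is an 802.15.4 interface. Any other netdev (eth0, lo, ...) carries a NULL
 * ieee802154_ptr, so the dereference below is the crash from the report.
 * Never call this with a non-802.15.4 device.
 */
struct wpan_phy *del_iface_unchecked(struct net_device *dev)
{
    return dev->ieee802154_ptr->wpan_phy;
}

/*
 * Hardened shape: reject anything that is not an 802.15.4 netdev before
 * touching ieee802154_ptr, which is the check the commit message refers
 * to in ieee802154_nl_get_dev(). Returns 0 and fills *phy on success,
 * -ENODEV for no device, -EINVAL for the wrong device type (the exact
 * error code is this example's choice).
 */
int del_iface_checked(struct net_device *dev, struct wpan_phy **phy)
{
    if (!dev)
        return -ENODEV;
    if (dev->type != ARPHRD_IEEE802154 || !dev->ieee802154_ptr)
        return -EINVAL;
    *phy = dev->ieee802154_ptr->wpan_phy;
    return 0;
}

/* Constructed sample devices: one 802.15.4 wpan0, one Ethernet eth0. */
struct wpan_phy phy0 = { "phy0" };
struct wpan_dev wpan0_priv = { &phy0 };
struct net_device wpan0 = { "wpan0", ARPHRD_IEEE802154, &wpan0_priv };
struct net_device eth0  = { "eth0",  ARPHRD_ETHER,      NULL };

/* Output slot for the checked path, so the result can be inspected. */
struct wpan_phy *phy_out;

/* Runs the checked path against a device and reports the verdict. */
int try_del_iface(struct net_device *dev)
{
    int rc;

    phy_out = NULL;
    rc = del_iface_checked(dev, &phy_out);
    printf("%-6s type=%-4u -> rc=%d phy=%s\n",
           dev ? dev->name : "(null)", (unsigned)(dev ? dev->type : 0),
           rc, phy_out ? phy_out->name : "(none)");
    return rc;
}

int main(void)
{
    /* Only the checked path is exercised on eth0; the unchecked one would
     * fault here exactly as ieee802154_del_iface() did under fuzzing. */
    try_del_iface(&wpan0);   /* rc=0, phy=phy0 */
    try_del_iface(&eth0);    /* rc=-EINVAL, ieee802154_ptr never touched */
    try_del_iface(NULL);     /* rc=-ENODEV */
    return 0;
}
```

The point of the check is the first condition, not the NULL test that follows
it: a netdev looked up by ifindex can be any interface on the system, and only
the hardware type tells you whether ieee802154_ptr is meaningful, so the type
comparison is what keeps the pointer from being dereferenced for eth0.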


Thread overview: 2 messages
2016-07-20  8:43 [PATCH] ieee802154: check device type Vegard Nossum
2016-07-23 12:21 ` Alexander Aring [this message]
