undefined | Better HN

0 pointsvbernat9y ago0 comments

This doesn't seem true from the commit: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/lin...

The bug is said to not be exploitable since Al Viro function change. This change happened in 3.19.

0 comments

3 comments · 2 top-level

mhei9y ago· 1 in thread

The problematic patch only seems to be introduced in mainline 4.2, not 3.19, compare:

http://lxr.free-electrons.com/source/net/core/datagram.c?v=3...

http://lxr.free-electrons.com/source/net/core/datagram.c?v=4...

I am just trying to completely understand the bug, I wonder if it really was unexploitable before the patch. Got any source for that?

EDIT: sorry, misunderstood your message / mixed up commits, I was looking into when 89c22d8c3b27 hit mainline, which causes the vulnerable code path.

vbernatOP9y ago

Why "problematic"? The Al Viro change mentioned in the fix is https://github.com/torvalds/linux/commit/227158db160449b6513.... The commit says this makes the bug not exploitable since the new helper function handles correctly the edge case. The fix still needs to be applied to avoid computing the checksum twice.

trebla9y ago

Is it confirmed that kernels before 3.19 are safe?

j / k navigate · click thread line to collapse