Re: [PATCH net] dccp: check for ccid in ccid_hc_tx_send_packet

From: Paolo Abeni
Date: Thu Nov 02 2023 - 07:15:56 EST

Next message: Lucas Stach: "Re: [PATCH 2/3] drm/scheduler: Fix UAF in drm_sched_fence_get_timeline_name"
Previous message: Paolo Bonzini: "Re: [PATCH v13 12/35] KVM: Prepare for handling only shared mappings in mmu_notifier events"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, 2023-10-28 at 20:11 +0530, Bragatheswaran Manickavel wrote:
> ccid_hc_tx_send_packet might be called with a NULL ccid pointer
> leading to a NULL pointer dereference

You should describe how such event could happen.

> Below mentioned commit has similarly changes
> commit 276bdb82dedb ("dccp: check ccid before dereferencing")
>
> Reported-by: syzbot+c71bc336c5061153b502@xxxxxxxxxxxxxxxxxxxxxxxxx
> Closes: https://syzkaller.appspot.com/bug?extid=c71bc336c5061153b502

and add a suitable fixes here.

(beyond taking care of other critical code paths, as reported by Eric).

Thanks!

Paolo

Next message: Lucas Stach: "Re: [PATCH 2/3] drm/scheduler: Fix UAF in drm_sched_fence_get_timeline_name"
Previous message: Paolo Bonzini: "Re: [PATCH v13 12/35] KVM: Prepare for handling only shared mappings in mmu_notifier events"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]