oss-sec mailing list archives

Re: CVE request: Linux kernel: panic while appending data to a corked IPv6 socket in ip6_append_data_mtu

From: P J P <ppandit () redhat com>
Date: Wed, 24 Jul 2013 01:45:26 +0530 (IST)

+-- On Tue, 23 Jul 2013, Seth Arnold wrote --+
| UDP_CORKED? I don't see this string in my /usr/include/ or recent Linux git 
| tree. 
| Am I missing something?

  It's one of those non-portable Linux socket options.

===
$ man 7 udp 
 ...
 UDP_CORK (since Linux 2.5.44)
              If  this  option is enabled, then all data output on this socket
              is accumulated into a single datagram that is  transmitted  when
              the  option is disabled.  This option should not be used in code
              intended to be portable.
===

Though the crash is more of due to IPV6_MTU value set. (from commit log)

--
Prasad J Pandit / Red Hat Security Response Team
DB7A 84C5 D3F9 7CD1 B5EB  C939 D048 7860 3655 602B

Current thread:

CVE request: Linux kernel: panic while appending data to a corked IPv6 socket in ip6_append_data_mtu P J P (Jul 23)
- Re: CVE request: Linux kernel: panic while appending data to a corked IPv6 socket in ip6_append_data_mtu Seth Arnold (Jul 23)
  - Re: CVE request: Linux kernel: panic while appending data to a corked IPv6 socket in ip6_append_data_mtu P J P (Jul 23)
- Re: CVE request: Linux kernel: panic while appending data to a corked IPv6 socket in ip6_append_data_mtu Kurt Seifried (Jul 23)