:: [devuan-dev] bug#430: ax.25 on kern…
Top Page
Delete this message
Reply to this message
Author: Brian
Date:  
To: submit
Subject: [devuan-dev] bug#430: ax.25 on kernels above 4.1
Package: linux-image
Version: all above 4.1

There's a critical bug in the ax.25 module that popped up beginning with
kernel version 4.2 where if a user connected to a site using NetRom, the
underlaying ax.25 virtual circuit fails to close thus leaving a zombie
socket open and available for possible attack. This has been a known
issue on the URONode email list for quite some time, and I'm the
developer of the uronode package in your repositories.

A fix was supplied by Marius YO2LOJ on the list:

---
Let me explain the patch so maybe you can do it yourself, since the
code
will probably not work on a 5.x kernel...

The target function is ax25_disconnect(ax25_cb *ax25, int reason).

The function is in the file ax25_subr.c in the 4.9 version.

the last part is an:

if (ax25->sk != NULL) {

(...the ax25 socket is closed here...)

}

This if catches only full ax25 connections, not the ones associated with
netrom connections.

So for netrom connections, we also need a socket deletion, so add to
this if the following else:

else {

ax25_destroy_socket(ax25);

}

Maybe this helps get you going...

Marius, YO2LOJ
---

A weblink to his mail:
https://n1uro.ampr.org/cgi-bin/mailman/private/uronode/2019-September/001284.html
however it's only available to subscribers.

--
If Confucius were alive today:
"A computing device left in the OFF power state never crashes"
-----
73 de Brian N1URO
IPv6 Certified
SMTP: n1uro-at-n1uro.ampr.org