lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 02 Mar 2018 09:59:32 -0500 (EST)
From:   David Miller <davem@...emloft.net>
To:     lorenzo.bianconi@...hat.com
Cc:     netdev@...r.kernel.org, jishi@...hat.com, sbrivio@...hat.com
Subject: Re: [PATCH net-next] ipv6: fix access to non-linear packet in
 ndisc_fill_redirect_hdr_option()

From: Lorenzo Bianconi <lorenzo.bianconi@...hat.com>
Date: Fri,  2 Mar 2018 11:53:06 +0100

> Fix the following slab-out-of-bounds kasan report in
> ndisc_fill_redirect_hdr_option when the incoming ipv6 packet is not
> linear and the accessed data are not in the linear data region of orig_skb
 ...
> Reported-by: Jianlin Shi <jishi@...hat.com>
> Reviewed-by: Stefano Brivio <sbrivio@...hat.com>
> Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@...hat.com>

As a bug fix this should be targetting 'net' not 'net-next'.

Furthermore, we need an appropriate Fixes: tag so we know when this
problem existed.

If you go far back and it seems like the problem has always been
there, say so and mention how far back you checked.

It also helps to explain exactly how the condition is created
("X creates packet with Y bytes of header space, Z fragments
it at byte N, and that's how we end up here with such a packet")
because such a description aids understanding and might help
suggest alternative (less expensive, cleaner) ways to fix the
problem.

Thanks.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ