| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 12 Jan 2016 16:42:11 -0500 (EST)
From: David Miller <davem@...emloft.net>
To: matti.vaittinen@...ia.com
Cc: johannes.berg@...el.com, jbenc@...hat.com, bywxiaobai@....com,
netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
alexander.sverdlin@...ia.com, teppo.o.pennanen@...ia.com
Subject: Re: [PATCH 1/1] net: netlink: Fix multicast group storage
allocation for families with more than one groups
From: Matti Vaittinen <matti.vaittinen@...ia.com>
Date: Mon, 11 Jan 2016 14:26:19 +0200
> Multicast groups are stored in global buffer. Check for needed buffer size
> incorrectly compares buffer size to first id for family. This means that
> for families with more than one mcast id one may allocate too small buffer
> and end up writing rest of the groups to some unallocated memory. Fix the
> buffer size check to compare allocated space to last mcast id for the
> family.
>
> Tested on ARM using kernel 3.14
>
> Signed-off-by: Matti Vaittinen <matti.vaittinen@...ia.com>
Indeed, it looks like this function was never tested with any value
of n_groups other than one.
But I think your change has an off-by-one bug:
> - if (id >= mc_groups_longs * BITS_PER_LONG) {
> + if (id + n_groups >= mc_groups_longs * BITS_PER_LONG) {
I think this needs to be "id + n_groups > ". Consider the existing,
working, case of "n_groups == 1". Now you're adding '1' and therefore
the test needs to be adjusted from >= to >.
Thanks.
Powered by blists - more mailing lists