| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20170524.153224.1230164587077679673.davem@davemloft.net>
Date: Wed, 24 May 2017 15:32:24 -0400 (EDT)
From: David Miller <davem@...emloft.net>
To: glider@...gle.com
Cc: dvyukov@...gle.com, kcc@...gle.com, edumazet@...gle.com,
linux-kernel@...r.kernel.org, netdev@...r.kernel.org
Subject: Re: [PATCH] net: rtnetlink: bail out from rtnl_fdb_dump() on parse
error
From: Alexander Potapenko <glider@...gle.com>
Date: Tue, 23 May 2017 13:20:28 +0200
> rtnl_fdb_dump() failed to check the result of nlmsg_parse(), which led
> to contents of |ifm| being uninitialized because nlh->nlmsglen was too
> small to accommodate |ifm|. The uninitialized data may affect some
> branches and result in unwanted effects, although kernel data doesn't
> seem to leak to the userspace directly.
>
> The bug has been detected with KMSAN and syzkaller.
>
> Signed-off-by: Alexander Potapenko <glider@...gle.com>
Applied, thanks.
Powered by blists - more mailing lists