| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <160218720521.8125.768342314968863398.git-patchwork-notify@kernel.org>
Date: Thu, 08 Oct 2020 20:00:05 +0000
From: patchwork-bot+netdevbpf@...nel.org
To: Anant Thazhemadam <anant.thazhemadam@...il.com>
Cc: linux-kernel-mentees@...ts.linuxfoundation.org,
syzbot+b1bb342d1d097516cbda@...kaller.appspotmail.com,
johannes@...solutions.net, davem@...emloft.net, kuba@...nel.org,
linux-wireless@...r.kernel.org, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] net: wireless: nl80211: fix out-of-bounds access in
nl80211_del_key()
Hello:
This patch was applied to netdev/net.git (refs/heads/master):
On Wed, 7 Oct 2020 09:24:01 +0530 you wrote:
> In nl80211_parse_key(), key.idx is first initialized as -1.
> If this value of key.idx remains unmodified and gets returned, and
> nl80211_key_allowed() also returns 0, then rdev_del_key() gets called
> with key.idx = -1.
> This causes an out-of-bounds array access.
>
> Handle this issue by checking if the value of key.idx after
> nl80211_parse_key() is called and return -EINVAL if key.idx < 0.
>
> [...]
Here is the summary with links:
- net: wireless: nl80211: fix out-of-bounds access in nl80211_del_key()
https://git.kernel.org/netdev/net/c/3dc289f8f139
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
Powered by blists - more mailing lists