| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 6 Dec 2020 19:20:38 +0100
From: Andrea Parri <parri.andrea@...il.com>
To: Michael Kelley <mikelley@...rosoft.com>
Cc: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
KY Srinivasan <kys@...rosoft.com>,
Haiyang Zhang <haiyangz@...rosoft.com>,
Stephen Hemminger <sthemmin@...rosoft.com>,
Wei Liu <wei.liu@...nel.org>,
"linux-hyperv@...r.kernel.org" <linux-hyperv@...r.kernel.org>,
Juan Vazquez <juvazq@...rosoft.com>,
Saruhan Karademir <skarade@...rosoft.com>
Subject: Re: [PATCH 3/6] Drivers: hv: vmbus: Avoid double fetch of
payload_size in vmbus_on_msg_dpc()
On Sun, Dec 06, 2020 at 05:14:18PM +0000, Michael Kelley wrote:
> From: Andrea Parri (Microsoft) <parri.andrea@...il.com> Sent: Wednesday, November 18, 2020 6:37 AM
> >
> > vmbus_on_msg_dpc() double fetches from payload_size. The double fetch
> > can lead to a buffer overflow when (mem)copying the hv_message object.
> > Avoid the double fetch by saving the value of payload_size into a local
> > variable.
>
> Similar comment here about providing some brief context in the commit
> message on the problem that we are guarding against by removing the
> double fetch.
Will expand.
>
> I could see combining this patch with the previous one since the
> motivation and pattern of the changes are exactly the same, just for
> two different fields.
Will consider this suggestion for v3. Please see v2 for a related
discussion.
Andrea
Powered by blists - more mailing lists