[<prev] [next>] [day] [month] [year] [list]
Message-ID: <YT8Bpu12FuzW5sqy@kroah.com>
Date: Mon, 13 Sep 2021 09:45:42 +0200
From: Greg KH <greg@...ah.com>
To: linux-kernel@...r.kernel.org
Cc: colin.king@...onical.com, stable-commits@...r.kernel.org
Subject: Re: Patch "6lowpan: iphc: Fix an off-by-one check of array index"
has been added to the 4.9-stable tree
On Sun, Sep 12, 2021 at 11:22:19PM -0400, Sasha Levin wrote:
> This is a note to let you know that I've just added the patch titled
>
> 6lowpan: iphc: Fix an off-by-one check of array index
>
> to the 4.9-stable tree which can be found at:
> http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
>
> The filename of the patch is:
> 6lowpan-iphc-fix-an-off-by-one-check-of-array-index.patch
> and it can be found in the queue-4.9 subdirectory.
>
> If you, or anyone else, feels it should not be added to the stable tree,
> please let <stable@...r.kernel.org> know about it.
>
>
>
> commit 68c66a31cc9a38a26a89f9594945390a09355728
> Author: Colin Ian King <colin.king@...onical.com>
> Date: Mon Jul 12 13:14:40 2021 +0100
>
> 6lowpan: iphc: Fix an off-by-one check of array index
>
> [ Upstream commit 9af417610b6142e826fd1ee8ba7ff3e9a2133a5a ]
>
> The bounds check of id is off-by-one and the comparison should
> be >= rather >. Currently the WARN_ON_ONCE check does not stop
> the out of range indexing of &ldev->ctx.table[id] so also add
> a return path if the bounds are out of range.
>
> Addresses-Coverity: ("Illegal address computation").
> Fixes: 5609c185f24d ("6lowpan: iphc: add support for stateful compression")
> Signed-off-by: Colin Ian King <colin.king@...onical.com>
> Signed-off-by: Marcel Holtmann <marcel@...tmann.org>
> Signed-off-by: Sasha Levin <sashal@...nel.org>
>
> diff --git a/net/6lowpan/debugfs.c b/net/6lowpan/debugfs.c
> index 24915e0bb9ea..2a05c5b5005b 100644
> --- a/net/6lowpan/debugfs.c
> +++ b/net/6lowpan/debugfs.c
> @@ -176,7 +176,8 @@ static int lowpan_dev_debugfs_ctx_init(struct net_device *dev,
> struct dentry *dentry, *root;
> char buf[32];
>
> - WARN_ON_ONCE(id > LOWPAN_IPHC_CTX_TABLE_SIZE);
> + if (WARN_ON_ONCE(id >= LOWPAN_IPHC_CTX_TABLE_SIZE))
> + return;
>
> sprintf(buf, "%d", id);
>
Not the correct return type for this tree, or the 4.14 tree, so dropping
it from those queues as it adds a build warning.
thanks,
greg k-h
Powered by blists - more mailing lists