lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:   Mon, 13 Sep 2021 09:45:42 +0200
From:   Greg KH <greg@...ah.com>
To:     linux-kernel@...r.kernel.org
Cc:     colin.king@...onical.com, stable-commits@...r.kernel.org
Subject: Re: Patch "6lowpan: iphc: Fix an off-by-one check of array index"
 has been added to the 4.9-stable tree

On Sun, Sep 12, 2021 at 11:22:19PM -0400, Sasha Levin wrote:
> This is a note to let you know that I've just added the patch titled
> 
>     6lowpan: iphc: Fix an off-by-one check of array index
> 
> to the 4.9-stable tree which can be found at:
>     http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
> 
> The filename of the patch is:
>      6lowpan-iphc-fix-an-off-by-one-check-of-array-index.patch
> and it can be found in the queue-4.9 subdirectory.
> 
> If you, or anyone else, feels it should not be added to the stable tree,
> please let <stable@...r.kernel.org> know about it.
> 
> 
> 
> commit 68c66a31cc9a38a26a89f9594945390a09355728
> Author: Colin Ian King <colin.king@...onical.com>
> Date:   Mon Jul 12 13:14:40 2021 +0100
> 
>     6lowpan: iphc: Fix an off-by-one check of array index
>     
>     [ Upstream commit 9af417610b6142e826fd1ee8ba7ff3e9a2133a5a ]
>     
>     The bounds check of id is off-by-one and the comparison should
>     be >= rather >. Currently the WARN_ON_ONCE check does not stop
>     the out of range indexing of &ldev->ctx.table[id] so also add
>     a return path if the bounds are out of range.
>     
>     Addresses-Coverity: ("Illegal address computation").
>     Fixes: 5609c185f24d ("6lowpan: iphc: add support for stateful compression")
>     Signed-off-by: Colin Ian King <colin.king@...onical.com>
>     Signed-off-by: Marcel Holtmann <marcel@...tmann.org>
>     Signed-off-by: Sasha Levin <sashal@...nel.org>
> 
> diff --git a/net/6lowpan/debugfs.c b/net/6lowpan/debugfs.c
> index 24915e0bb9ea..2a05c5b5005b 100644
> --- a/net/6lowpan/debugfs.c
> +++ b/net/6lowpan/debugfs.c
> @@ -176,7 +176,8 @@ static int lowpan_dev_debugfs_ctx_init(struct net_device *dev,
>  	struct dentry *dentry, *root;
>  	char buf[32];
>  
> -	WARN_ON_ONCE(id > LOWPAN_IPHC_CTX_TABLE_SIZE);
> +	if (WARN_ON_ONCE(id >= LOWPAN_IPHC_CTX_TABLE_SIZE))
> +		return;
>  
>  	sprintf(buf, "%d", id);
>  

Not the correct return type for this tree, or the 4.14 tree, so dropping
it from those queues as it adds a build warning.

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ