lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20230724175612.0649ef67@kernel.org>
Date:   Mon, 24 Jul 2023 17:56:12 -0700
From:   Jakub Kicinski <kuba@...nel.org>
To:     "Lin Ma" <linma@....edu.cn>, Joe Perches <joe@...ches.com>
Cc:     jhs@...atatu.com, xiyou.wangcong@...il.com, jiri@...nulli.us,
        davem@...emloft.net, edumazet@...gle.com, pabeni@...hat.com,
        netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] net/sched: mqprio: Add length check for
 TCA_MQPRIO_{MAX/MIN}_RATE64

On Tue, 25 Jul 2023 08:15:39 +0800 (GMT+08:00) Lin Ma wrote:
> > > The nla_for_each_nested parsing in function mqprio_parse_nlattr() does
> > > not check the length of the nested attribute. This can lead to an
> > > out-of-attribute read and allow a malformed nlattr (e.g., length 0) to
> > > be viewed as 8 byte integer and passed to priv->max_rate/min_rate.
> > > 
> > > This patch adds the check based on nla_len() when check the nla_type(),
> > > which ensures that the length of these two attribute must equals
> > > sizeof(u64).  
> > 
> > How do you run get_maintainer? You didn't CC the author of the code.  
> 
> That's weird, I just ran code below and send this patch to all 9 emails poped out.
> 
> # ./scripts/get_maintainer.pl net/sched/sch_mqprio.c

Joe, here's another case.

Lin Ma, you need to run the script on the file generated by 
git format-patch, rather than the file path. That gives better
coverage for keywords included in the commit message (especially 
the Fixes tag). Please rerun it on the patch and repost with 
the right CC list.
-- 
pw-bot: cr

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ