lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <150f7e19.e27f3.1898aadc871.Coremail.linma@zju.edu.cn>
Date:   Tue, 25 Jul 2023 09:33:12 +0800 (GMT+08:00)
From:   "Lin Ma" <linma@....edu.cn>
To:     "Jakub Kicinski" <kuba@...nel.org>
Cc:     "Joe Perches" <joe@...ches.com>, jhs@...atatu.com,
        xiyou.wangcong@...il.com, jiri@...nulli.us, davem@...emloft.net,
        edumazet@...gle.com, pabeni@...hat.com, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] net/sched: mqprio: Add length check for
 TCA_MQPRIO_{MAX/MIN}_RATE64

Hi Jakub,

> > > > The nla_for_each_nested parsing in function mqprio_parse_nlattr() does
> > > > not check the length of the nested attribute. This can lead to an
> > > > out-of-attribute read and allow a malformed nlattr (e.g., length 0) to
> > > > be viewed as 8 byte integer and passed to priv->max_rate/min_rate.
> > > > 
> > > > This patch adds the check based on nla_len() when check the nla_type(),
> > > > which ensures that the length of these two attribute must equals
> > > > sizeof(u64).  
> > > 
> > > How do you run get_maintainer? You didn't CC the author of the code.  
> > 
> > That's weird, I just ran code below and send this patch to all 9 emails poped out.
> > 
> > # ./scripts/get_maintainer.pl net/sched/sch_mqprio.c
> 
> Joe, here's another case.
> 
> Lin Ma, you need to run the script on the file generated by 
> git format-patch, rather than the file path. That gives better
> coverage for keywords included in the commit message (especially 
> the Fixes tag). Please rerun it on the patch and repost with 
> the right CC list.

Copy that. Sorry for the inconvenience that was raised by that. Will 
resend the patch with the correct CC list ASAP.

Regards
Lin

> -- 
> pw-bot: cr

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ