lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20230803102314.768b6462@kernel.org>
Date:   Thu, 3 Aug 2023 10:23:14 -0700
From:   Jakub Kicinski <kuba@...nel.org>
To:     Simon Horman <horms@...nel.org>
Cc:     Sonia Sharma <sosha@...ux.microsoft.com>,
        linux-kernel@...r.kernel.org, linux-hyperv@...r.kernel.org,
        netdev@...r.kernel.org, sosha@...rosoft.com, kys@...rosoft.com,
        mikelley@...rosoft.com, haiyangz@...rosoft.com, wei.liu@...nel.org,
        decui@...rosoft.com, longli@...rosoft.com, davem@...emloft.net,
        edumazet@...gle.com, pabeni@...hat.com
Subject: Re: [PATCH v3 net] net: hv_netvsc: fix netvsc_send_completion to
 avoid multiple message length checks

On Thu, 3 Aug 2023 14:14:01 +0200 Simon Horman wrote:
> > The switch statement in netvsc_send_completion() is incorrectly validating
> > the length of incoming network packets by falling through to the next case.
> > Avoid the fallthrough. Instead break after a case match and then process
> > the complete() call.
> > 
> > Signed-off-by: Sonia Sharma <sonia.sharma@...ux.microsoft.com>  
> 
> Hi Sonia,
> 
> if this is a bug-fix, which seems to be the case, then it probably warrants
> a Fixes tag.

And a description of what this problem results in. The commit message
kinda tells us what the patch does, which we already see from the code.
Paraphrasing corporate America "focus on the impact"...
-- 
pw-bot: cr

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ