lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CANn89i+KiP+=WzXJvqTjRt1a3GNr1iyn+BTAJ0puYbOLkC+cHA@mail.gmail.com>
Date:   Thu, 7 Dec 2023 13:38:23 +0100
From:   Eric Dumazet <edumazet@...gle.com>
To:     xingwei lee <xrivendell7@...il.com>
Cc:     davem@...emloft.net, dsahern@...nel.org, kuba@...nel.org,
        linux-kernel@...r.kernel.org, netdev@...r.kernel.org,
        pabeni@...hat.com, syoshida@...hat.com,
        syzbot+2cb7b1bd08dc77ae7f89@...kaller.appspotmail.com,
        syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [net?] KMSAN: uninit-value in ipgre_xmit

On Thu, Dec 7, 2023 at 6:03 AM xingwei lee <xrivendell7@...il.com> wrote:
>
> Hello Eric.
> I reproduced this bug with repro.c and repro.txt
> HEAD commit: 815fb87b753055df2d9e50f6cd80eb10235fe3e9
> kernel config: https://syzkaller.appspot.com/text?tag=KernelConfig&x=f711bc2a7eb1db25
> as the same in https://syzkaller.appspot.com/bug?extid=2cb7b1bd08dc77ae7f89
>

I think the patch has been merged in net tree, thanks.

commit 80d875cfc9d3711a029f234ef7d680db79e8fa4b
Author:     Shigeru Yoshida <syoshida@...hat.com>
AuthorDate: Sun Dec 3 01:14:41 2023 +0900
Commit:     Paolo Abeni <pabeni@...hat.com>
CommitDate: Wed Dec 6 10:08:05 2023 +0100

    ipv4: ip_gre: Avoid skb_pull() failure in ipgre_xmit()

    In ipgre_xmit(), skb_pull() may fail even if pskb_inet_may_pull() returns
    true. For example, applications can use PF_PACKET to create a malformed
    packet with no IP header. This type of packet causes a problem such as
    uninit-value access.

    This patch ensures that skb_pull() can pull the required size by checking
    the skb with pskb_network_may_pull() before skb_pull().

    Fixes: c54419321455 ("GRE: Refactor GRE tunneling code.")
    Signed-off-by: Shigeru Yoshida <syoshida@...hat.com>
    Reviewed-by: Eric Dumazet <edumazet@...gle.com>
    Reviewed-by: Suman Ghosh <sumang@...vell.com>
    Link: https://lore.kernel.org/r/20231202161441.221135-1-syoshida@redhat.com
    Signed-off-by: Paolo Abeni <pabeni@...hat.com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ