| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 6 Feb 2024 12:09:05 +0100
From: Michal Kubecek <mkubecek@...e.cz>
To: Dan Carpenter <dan.carpenter@...aro.org>
Cc: Florian Westphal <fw@...len.de>,
Pablo Neira Ayuso <pablo@...filter.org>,
Jozsef Kadlecsik <kadlec@...filter.org>,
"David S. Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>,
Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
netfilter-devel@...r.kernel.org, coreteam@...filter.org,
netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
kernel-janitors@...r.kernel.org, andrea.mattiazzo@...e.com
Subject: Re: [PATCH net] netfilter: nf_tables: fix pointer math issue in
nft_byteorder_eval()
On Tue, Feb 06, 2024 at 02:04:10PM +0300, Dan Carpenter wrote:
> On Tue, Feb 06, 2024 at 11:43:36AM +0100, Michal Kubecek wrote:
> >
> > I stumbled upon this when the issue got a CVE id (sigh) and I share
> > Andrea's (Cc-ed) concern that the fix is incomplete. While the fix,
> > commit c301f0981fdd ("netfilter: nf_tables: fix pointer math issue in
> > nft_byteorder_eval()") now, fixes the destination side, src is still
> > a pointer to u32, i.e. we are reading 64-bit values with relative
> > offsets which are multiples of 32 bits.
> >
> > Shouldn't we fix this as well, e.g. like indicated below?
> >
>
> Yep. You're right. Could you send that as a patch.
Thank you for checking. I'll send a patch in a moment.
Michal
Download attachment "signature.asc" of type "application/pgp-signature" (489 bytes)
Powered by blists - more mailing lists