| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20241213230820.1957-1-hdanton@sina.com>
Date: Sat, 14 Dec 2024 07:08:20 +0800
From: Hillf Danton <hdanton@...a.com>
To: syzbot <syzbot+4f66250f6663c0c1d67e@...kaller.appspotmail.com>
Cc: edumazet@...gle.com,
linux-kernel@...r.kernel.org,
netdev@...r.kernel.org,
syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [tipc?] kernel BUG in __pskb_pull_tail
On Thu, 12 Dec 2024 14:20:26 -0800
> syzbot found the following issue on:
>
> HEAD commit: 96b6fcc0ee41 Merge branch 'net-dsa-cleanup-eee-part-1'
> git tree: net-next
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=117844f8580000
Test fix (https://patchwork.kernel.org/project/netdevbpf/patch/20241212222247.724674-1-edumazet@google.com/ )
#syz test
--- x/drivers/net/tun.c
+++ y/drivers/net/tun.c
@@ -1485,7 +1485,7 @@ static struct sk_buff *tun_napi_alloc_fr
skb->truesize += skb->data_len;
for (i = 1; i < it->nr_segs; i++) {
- const struct iovec *iov = iter_iov(it);
+ const struct iovec *iov = iter_iov(it) + i;
size_t fragsz = iov->iov_len;
struct page *page;
void *frag;
--
Powered by blists - more mailing lists