| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Z2K5Aw2Mma9Crr1G@gondor.apana.org.au>
Date: Wed, 18 Dec 2024 19:58:59 +0800
From: Herbert Xu <herbert@...dor.apana.org.au>
To: Dan Carpenter <dan.carpenter@...aro.org>
Cc: Justin Stitt <justinstitt@...gle.com>, Kees Cook <kees@...nel.org>,
Steffen Klassert <steffen.klassert@...unet.com>,
"David S. Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>,
Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
Simon Horman <horms@...nel.org>, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org, kernel-janitors@...r.kernel.org,
linux-hardening@...r.kernel.org
Subject: Re: [PATCH net] xfrm: Rewrite key length conversion to avoid
overflows
On Wed, Dec 18, 2024 at 01:54:38PM +0300, Dan Carpenter wrote:
>
> The length is capped in verify_one_alg() type functions:
>
> if (nla_len(rt) < (int)xfrm_alg_len(algp)) {
>
> nla_len() is a USHRT_MAX so the rounded value can't be higher than that.
Good catch. I hope a similar limit applies for af_key?
Thanks,
--
Email: Herbert Xu <herbert@...dor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Powered by blists - more mailing lists