| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250205141049.6f10168e@gmx.net> Date: Wed, 5 Feb 2025 14:10:49 +0100 From: Peter Seiderer <ps.report@....net> To: Simon Horman <horms@...nel.org> Cc: netdev@...r.kernel.org, linux-kernel@...r.kernel.org, linux-kselftest@...r.kernel.org, "David S . Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, Shuah Khan <shuah@...nel.org>, Nam Cao <namcao@...utronix.de>, Thomas Gleixner <tglx@...utronix.de>, Frederic Weisbecker <frederic@...nel.org>, Artem Chernyshev <artem.chernyshev@...-soft.ru> Subject: Re: [PATCH net-next v3 08/10] net: pktgen: fix access outside of user given buffer in pktgen_if_write() Hello Simon, On Tue, 4 Feb 2025 10:52:51 +0000, Simon Horman <horms@...nel.org> wrote: > On Mon, Feb 03, 2025 at 06:01:59PM +0100, Peter Seiderer wrote: > > Honour the user given buffer size for the hex32_arg(), num_arg(), > > strn_len(), get_imix_entries() and get_labels() calls (otherwise they will > > access memory outside of the user given buffer). > > > > In hex32_arg(), num_arg(), strn_len() error out in case no characters are > > available (maxlen = 0), in num_arg() additional error out in case no valid > > character is parsed. > > > > In get_labels() additional enable parsing labels up to MAX_IMIX_ENTRIES > > instead of (MAX_IMIX_ENTRIES - 1). > > > > Additional remove some superfluous variable initializing and align some > > variable declarations to the most common pattern. > > > > Signed-off-by: Peter Seiderer <ps.report@....net> > > ... > > > diff --git a/net/core/pktgen.c b/net/core/pktgen.c > > ... > > > @@ -872,7 +886,8 @@ static ssize_t get_imix_entries(const char __user *buffer, > > if (size < 14 + 20 + 8) > > size = 14 + 20 + 8; > > > > - len = num_arg(&buffer[i], max_digits, &weight); > > + max = min(10, maxlen - i); > > Hi Peter, > > 10 is used as a magic value here. I think it would be best if > it were a #define so it has a name. Likewise for other constants > used as arguments to min() in this patch. > > ... O.k, done in the next patch iteration... Thanks for review! Regards, Peter
Powered by blists - more mailing lists