lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20250801150651.54969a4e@kernel.org>
Date: Fri, 1 Aug 2025 15:06:51 -0700
From: Jakub Kicinski <kuba@...nel.org>
To: maher azz <maherazz04@...il.com>
Cc: netdev@...r.kernel.org, linux-kernel@...r.kernel.org, Jamal Hadi Salim
 <jhs@...atatu.com>, Cong Wang <xiyou.wangcong@...il.com>, jiri@...nulli.us,
 davem@...emloft.net, Eric Dumazet <edumazet@...gle.com>, pabeni@...hat.com,
 Simon Horman <horms@...nel.org>, Ferenc Fejes <fejes@....elte.hu>, Vladimir
 Oltean <vladimir.oltean@....com>
Subject: Re: [PATCH v2 net] net/sched: mqprio: fix stack out-of-bounds write
 in tc entry parsing

On Tue, 29 Jul 2025 16:39:26 +0100 maher azz wrote:
> From: Maher Azzouzi <maherazz04@...il.com>
> 
> TCA_MQPRIO_TC_ENTRY_INDEX is validated using
> NLA_POLICY_MAX(NLA_U32, TC_QOPT_MAX_QUEUE), which allows the value
> TC_QOPT_MAX_QUEUE (16). This leads to a 4-byte out-of-bounds stack write in
> the fp[] array, which only has room for 16 elements (0–15).
> 
> Fix this by changing the policy to allow only up to TC_QOPT_MAX_QUEUE - 1.
> 
> Fixes: f62af20bed2d ("net/sched: mqprio: allow per-TC user input of FP
> adminStatus")

Don't wrap the Fixes tags;

> 

no empty lines between tags;

> Signed-off-by: Maher Azzouzi <maherazz04@...il.com>

your email client is corrupting the emails, tabs get replaced with
spaces. Please add the review tag you received from Eric on v1 and
try sending v3 with git send-email?
-- 
pw-bot: cr

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ