| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250815110900.2da8f3c5@kernel.org>
Date: Fri, 15 Aug 2025 11:09:00 -0700
From: Jakub Kicinski <kuba@...nel.org>
To: Mihai Moldovan <ionic@...ic.de>
Cc: linux-arm-msm@...r.kernel.org, Manivannan Sadhasivam <mani@...nel.org>,
Denis Kenzior <denkenz@...il.com>, Eric Dumazet <edumazet@...gle.com>,
Kuniyuki Iwashima <kuniyu@...gle.com>, Paolo Abeni <pabeni@...hat.com>,
Willem de Bruijn <willemb@...gle.com>, "David S . Miller"
<davem@...emloft.net>, Simon Horman <horms@...nel.org>,
linux-kernel@...r.kernel.org, netdev@...r.kernel.org
Subject: Re: [PATCH v5 01/11] net: qrtr: ns: validate msglen before ctrl_pkt
use
On Tue, 12 Aug 2025 03:35:27 +0200 Mihai Moldovan wrote:
> The qrtr_ctrl_pkt structure is currently accessed without checking
> if the received payload is large enough to hold the structure's fields.
> Add a check to ensure the payload length is sufficient.
>
> Signed-off-by: Denis Kenzior <denkenz@...il.com>
> Reviewed-by: Marcel Holtmann <marcel@...tmann.org>
> Reviewed-by: Andy Gross <agross@...nel.org>
> Signed-off-by: Mihai Moldovan <ionic@...ic.de>
> Fixes: 0c2204a4ad71 ("net: qrtr: Migrate nameservice to kernel from userspace")
If this is a fix it has to go to net, then once it reaches Linus's tree
the dependent patches should be reposted for net-next.
> diff --git a/net/qrtr/ns.c b/net/qrtr/ns.c
> index 3de9350cbf30..2bcfe539dc3e 100644
> --- a/net/qrtr/ns.c
> +++ b/net/qrtr/ns.c
> @@ -619,6 +619,9 @@ static void qrtr_ns_worker(struct work_struct *work)
> break;
> }
>
> + if ((size_t)msglen < sizeof(*pkt))
> + break;
why not continue?
Powered by blists - more mailing lists