| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aKHriXFxwGlTHwnq@secunet.com> Date: Sun, 17 Aug 2025 16:47:37 +0200 From: Steffen Klassert <steffen.klassert@...unet.com> To: Charalampos Mitrodimas <charmitro@...teo.net> CC: Herbert Xu <herbert@...dor.apana.org.au>, "David S. Miller" <davem@...emloft.net>, David Ahern <dsahern@...nel.org>, Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, Simon Horman <horms@...nel.org>, <netdev@...r.kernel.org>, <linux-kernel@...r.kernel.org>, <syzbot+01b0667934cdceb4451c@...kaller.appspotmail.com> Subject: Re: [PATCH ipsec-next v3] net: ipv6: fix field-spanning memcpy warning in AH output On Tue, Aug 12, 2025 at 03:51:25PM +0000, Charalampos Mitrodimas wrote: > Fix field-spanning memcpy warnings in ah6_output() and > ah6_output_done() where extension headers are copied to/from IPv6 > address fields, triggering fortify-string warnings about writes beyond > the 16-byte address fields. > > memcpy: detected field-spanning write (size 40) of single field "&top_iph->saddr" at net/ipv6/ah6.c:439 (size 16) > WARNING: CPU: 0 PID: 8838 at net/ipv6/ah6.c:439 ah6_output+0xe7e/0x14e0 net/ipv6/ah6.c:439 > > The warnings are false positives as the extension headers are > intentionally placed after the IPv6 header in memory. Fix by properly > copying addresses and extension headers separately, and introduce > helper functions to avoid code duplication. > > Reported-by: syzbot+01b0667934cdceb4451c@...kaller.appspotmail.com > Closes: https://syzkaller.appspot.com/bug?extid=01b0667934cdceb4451c > Signed-off-by: Charalampos Mitrodimas <charmitro@...teo.net> Applied, thanks a lot!
Powered by blists - more mailing lists