| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20251209224158.2322551-1-irogers@google.com>
Date: Tue, 9 Dec 2025 14:41:58 -0800
From: Ian Rogers <irogers@...gle.com>
To: Andrew Morton <akpm@...ux-foundation.org>, linux-kernel@...r.kernel.org
Cc: Ian Rogers <irogers@...gle.com>
Subject: [PATCH v1] netlink: Remove implicit 32-bit trunction in nla_memcmp
64-bit truncation to 32-bit can result in the sign of the truncated
value changing. The nla_memcmp function subtracts a 16-bit nla_len
from a size_t size and so this shouldn't occur, but the code looks
hazardous so change it to make the comparisons explicit and avoid a
truncated subtract.
Signed-off-by: Ian Rogers <irogers@...gle.com>
---
lib/nlattr.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/lib/nlattr.c b/lib/nlattr.c
index be9c576b6e2d..6e1c40dd11e3 100644
--- a/lib/nlattr.c
+++ b/lib/nlattr.c
@@ -854,12 +854,12 @@ EXPORT_SYMBOL(nla_memcpy);
int nla_memcmp(const struct nlattr *nla, const void *data,
size_t size)
{
- int d = nla_len(nla) - size;
+ u16 l = nla_len(nla);
- if (d == 0)
- d = memcmp(nla_data(nla), data, size);
+ if (l == size)
+ return memcmp(nla_data(nla), data, size);
- return d;
+ return l > size ? 1 : -1;
}
EXPORT_SYMBOL(nla_memcmp);
--
2.52.0.223.gf5cc29aaa4-goog
Powered by blists - more mailing lists