lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <7723c9b1b370f9f23f70285560dad9362e9ab37a.camel@sipsolutions.net>
Date: Tue, 16 Dec 2025 10:28:36 +0100
From: Johannes Berg <johannes@...solutions.net>
To: Ranganath V N <vnranganath.20@...il.com>
Cc: linux-wireless@...r.kernel.org, linux-kernel@...r.kernel.org, 
	skhan@...uxfoundation.org, david.hunter.linux@...il.com, khalid@...nel.org,
 	syzbot+878ddc3962f792e9af59@...kaller.appspotmail.com
Subject: Re: [PATCH v4] wifi: cfg80211: Fix uninitialized header access in
 cfg80211_classify8021d

On Wed, 2025-12-03 at 23:24 +0530, Ranganath V N wrote:
> 
> +++ b/net/wireless/util.c
> @@ -962,12 +962,28 @@ unsigned int cfg80211_classify8021d(struct sk_buff *skb,
>  	}
>  
>  	switch (skb->protocol) {
> -	case htons(ETH_P_IP):
> -		dscp = ipv4_get_dsfield(ip_hdr(skb)) & 0xfc;
> +	case htons(ETH_P_IP): {
> +		struct iphdr iph, *ip;
> +
> +		ip = skb_header_pointer(skb, sizeof(struct ethhdr),
> +					sizeof(*ip), &iph);

The sizeof(struct ethhdr) is probably a *correct* assumption, but
wouldn't skb->network_header make more sense?

Please try to understand the code in question before reposting this
patch *again*, I'm not interested in coding by remote-control.

johannes

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ