| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20121209.190138.1226210899759529416.davem@davemloft.net> Date: Sun, 09 Dec 2012 19:01:38 -0500 (EST) From: David Miller <davem@...emloft.net> To: ncardwell@...gle.com Cc: edumazet@...gle.com, netdev@...r.kernel.org Subject: Re: [PATCH net 2/3] inet_diag: validate byte code to prevent oops in inet_diag_bc_run() From: Neal Cardwell <ncardwell@...gle.com> Date: Sun, 9 Dec 2012 00:43:22 -0500 > Add logic to validate INET_DIAG_BC_S_COND and INET_DIAG_BC_D_COND > operations. > > Previously we did not validate the inet_diag_hostcond, address family, > address length, and prefix length. So a malicious user could make the > kernel read beyond the end of the bytecode array by claiming to have a > whole inet_diag_hostcond when the bytecode was not long enough to > contain a whole inet_diag_hostcond of the given address family. Or > they could make the kernel read up to about 27 bytes beyond the end of > a connection address by passing a prefix length that exceeded the > length of addresses of the given family. > > Signed-off-by: Neal Cardwell <ncardwell@...gle.com> Applied. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists