| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAM_iQpUFHcX+=R9H5iO1HZLcnbaX=QEzDnRMUYqH+d3NeF7vQA@mail.gmail.com> Date: Fri, 29 Jan 2016 14:17:13 -0800 From: Cong Wang <xiyou.wangcong@...il.com> To: Eric Dumazet <eric.dumazet@...il.com> Cc: roy.qing.li@...il.com, Linux Kernel Network Developers <netdev@...r.kernel.org> Subject: Re: [PATCH] vxlan: fix a out of bounds access in __vxlan_find_mac On Fri, Jan 29, 2016 at 2:01 PM, Eric Dumazet <eric.dumazet@...il.com> wrote: > On Fri, 2016-01-29 at 13:41 -0800, Cong Wang wrote: >> On Thu, Jan 28, 2016 at 5:43 PM, <roy.qing.li@...il.com> wrote: >> > From: Li RongQing <roy.qing.li@...il.com> >> > >> > The size of all_zeros_mac is 6 byte, but eth_hash() will access the >> > 8 byte, and KASan reported the below bug: >> >> >> Sounds like we should fix eth_hash() (macvlan has a same function), >> it should not read beyond 6 bytes. > > Why ? We always have at least 2 bytes following ethernet address in a > packet. Because we have to fix all the cases that don't. > > Better add these 2 bytes in all_zeros_mac[] and not slow down the hash > function. > > We use same tricks in eth_type_trans() > I never doubt it works, as long as you want to audit all the cases like this one, sure go for it.
Powered by blists - more mailing lists