lists.openwall.net
Open Source and information security mailing list archives
 
Date:   Tue, 10 Jan 2017 15:33:55 -0800
From:   David Ahern <dsa@...ulusnetworks.com>
To:     netdev@...r.kernel.org, stephen@...workplumber.org
Cc:     frank.kellermann@...s.net, David Ahern <dsa@...ulusnetworks.com>
Subject: [PATCH iproute2] rttable: Fix invalid range checking when table id is converted to u32

Frank reported that table ids for very large numbers are not properly
detected:
$ ip li add foobar type vrf table 98765432100123456789

command succeeds and resulting table id is actually:

21: foobar: <NOARP,MASTER> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether da:ea:d4:77:38:2a brd ff:ff:ff:ff:ff:ff promiscuity 0
    vrf table 4294967295 addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535

Make the temp variable 'i' unsigned long and let the typecast to u32
happen on assignment to id.

Reported-by: Frank Kellermann <frank.kellermann@...s.net>
Signed-off-by: David Ahern <dsa@...ulusnetworks.com>
---
 lib/rt_names.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/rt_names.c b/lib/rt_names.c
index c66cb1e439e3..63687586508b 100644
--- a/lib/rt_names.c
+++ b/lib/rt_names.c
@@ -404,7 +404,7 @@ int rtnl_rttable_a2n(__u32 *id, const char *arg)
 	static unsigned long res;
 	struct rtnl_hash_entry *entry;
 	char *end;
-	__u32 i;
+	unsigned long i;
 
 	if (cache && strcmp(cache, arg) == 0) {
 		*id = res;
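Review bot: Widening `i` to `unsigned long` at the declaration only helps where `unsigned long` is wider than `__u32`. On ABIs where both are 32 bits, an oversized table id still cannot be told apart from 4294967295, so the command from the report would keep succeeding there. The parse and range check that use `i` are outside this hunk, so it is worth confirming they either work on a 64-bit type (`unsigned long long`) or test for a conversion overflow error instead of relying on the width of `long`. The commit message could also state that the fix depends on a 64-bit `long`.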
-- 
2.1.4
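The truncation described in the commit message, as an added example that is not iproute2 code: the function names are hypothetical and `UINT32_MAX` stands in for the table id limit the real function checks against. It goes one step beyond the patch by showing a variant whose result does not depend on the width of `long`.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Pre-patch shape: 32-bit temporary. strtoul() saturates on overflow and the
 * store keeps only the low 32 bits, so the range check can never fire. */
static int parse_narrow(uint32_t *id, const char *arg)
{
	char *end;
	uint32_t i = strtoul(arg, &end, 0);
	if (end == arg || *end || i > UINT32_MAX)
		return -1;
	*id = i;
	return 0;
}

/* Patched shape: catches it only where unsigned long is wider than 32 bits. */
static int parse_ulong(uint32_t *id, const char *arg)
{
	char *end;
	unsigned long i = strtoul(arg, &end, 0);
	if (end == arg || *end || i > UINT32_MAX)
		return -1;
	*id = i;
	return 0;
}

/* Added variant, not in the patch: 64-bit temporary plus an ERANGE check. */
static int parse_strict(uint32_t *id, const char *arg)
{
	char *end;
	unsigned long long i;
	errno = 0;
	i = strtoull(arg, &end, 0);
	if (end == arg || *end || errno == ERANGE || i > UINT32_MAX)
		return -1;
	*id = (uint32_t)i;
	return 0;
}

int main(void)
{
	const char *arg = "98765432100123456789"; /* value from the report */
	uint32_t id = 0;
	int rc = parse_narrow(&id, arg);
	printf("narrow rc=%d id=%u, strict rc=%d\n", rc, (unsigned)id, parse_strict(&id, arg));
	return 0;
}
```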
