| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20170223163437.6f2a29cb@griffin>
Date: Thu, 23 Feb 2017 16:34:37 +0100
From: Jiri Benc <jbenc@...hat.com>
To: Matthias Schiffer <mschiffer@...verse-factory.net>
Cc: davem@...emloft.net, netdev@...r.kernel.org
Subject: Re: [PATCH net] vxlan: correctly validate VXLAN ID against
VXLAN_VID_MASK
On Thu, 23 Feb 2017 13:59:02 +0100, Matthias Schiffer wrote:
> The incorrect check caused an off-by-one error: the maximum VID 0xffffff
> was unusable.
>
> Fixes: d342894c5d2f ("vxlan: virtual extensible lan")
> Signed-off-by: Matthias Schiffer <mschiffer@...verse-factory.net>
> ---
> drivers/net/vxlan.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c
> index 556953f53437..f89428fb7389 100644
> --- a/drivers/net/vxlan.c
> +++ b/drivers/net/vxlan.c
> @@ -2675,7 +2675,7 @@ static int vxlan_validate(struct nlattr *tb[], struct nlattr *data[])
>
> if (data[IFLA_VXLAN_ID]) {
> __u32 id = nla_get_u32(data[IFLA_VXLAN_ID]);
> - if (id >= VXLAN_VID_MASK)
> + if (id & ~VXLAN_VID_MASK)
> return -ERANGE;
> }
>
"if (id >= VXLAN_N_VID)" would be cleaner and the meaning more obvious.
Thanks,
Jiri
Powered by blists - more mailing lists