[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20170424075909.GA20194@gondor.apana.org.au>
Date: Mon, 24 Apr 2017 15:59:09 +0800
From: Herbert Xu <herbert@...dor.apana.org.au>
To: Sabrina Dubroca <sd@...asysnail.net>
Cc: netdev@...r.kernel.org,
Steffen Klassert <steffen.klassert@...unet.com>
Subject: Re: [PATCH net] xfrm: fix stack access out of bounds with
CONFIG_XFRM_SUB_POLICY
On Fri, Apr 21, 2017 at 02:05:31PM +0200, Sabrina Dubroca wrote:
>
> You're right. I had a note about that but it got lost. The bug
> (ignoring what flavor of flowi is passed) is older than that (from the
> introduction of subpolicies, I suspect, but I would have to dig more
> into the history), but this commit removed the last uses of
> origin/partner.
>
> Looking into raw_sendmsg(), this code may have been safe before
> 9d6ec938019c ("ipv4: Use flowi4 in public route lookup interfaces."),
> since full flowi were used.
>
> If we want a fix for kernels that don't have ca116922afa8, we would
> probably need to take the size of the flowi* struct depending on the
> address family passed to xfrm_resolve_and_create_bundle().
>
>
> I'm not sure how to proceed here, any advice?
I think the Fixes header should simply refer to the commit that
introduced the bug. You're instead using it as a hint for how
to backport the patch. That is beyond the scope of the Fixes
header.
So if the bug started with 9d6ec938019c then just use that in
your Fixes header. If you want to help the backporter with more
information then you can put ca116922afa8 in the body of the commit
description.
Cheers,
--
Email: Herbert Xu <herbert@...dor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Powered by blists - more mailing lists