| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20180302.095932.114514825339473602.davem@davemloft.net>
Date: Fri, 02 Mar 2018 09:59:32 -0500 (EST)
From: David Miller <davem@...emloft.net>
To: lorenzo.bianconi@...hat.com
Cc: netdev@...r.kernel.org, jishi@...hat.com, sbrivio@...hat.com
Subject: Re: [PATCH net-next] ipv6: fix access to non-linear packet in
ndisc_fill_redirect_hdr_option()
From: Lorenzo Bianconi <lorenzo.bianconi@...hat.com>
Date: Fri, 2 Mar 2018 11:53:06 +0100
> Fix the following slab-out-of-bounds kasan report in
> ndisc_fill_redirect_hdr_option when the incoming ipv6 packet is not
> linear and the accessed data are not in the linear data region of orig_skb
...
> Reported-by: Jianlin Shi <jishi@...hat.com>
> Reviewed-by: Stefano Brivio <sbrivio@...hat.com>
> Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@...hat.com>
As a bug fix this should be targetting 'net' not 'net-next'.
Furthermore, we need an appropriate Fixes: tag so we know when this
problem existed.
If you go far back and it seems like the problem has always been
there, say so and mention how far back you checked.
It also helps to explain exactly how the condition is created
("X creates packet with Y bytes of header space, Z fragments
it at byte N, and that's how we end up here with such a packet")
because such a description aids understanding and might help
suggest alternative (less expensive, cleaner) ways to fix the
problem.
Thanks.
Powered by blists - more mailing lists