lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <3fe98bf1-ce7d-0d57-6a49-70efc34ac366@gmail.com>
Date:   Mon, 4 Jun 2018 16:58:44 -0700
From:   Eric Dumazet <eric.dumazet@...il.com>
To:     David Ahern <dsahern@...il.com>,
        Eric Dumazet <edumazet@...gle.com>,
        "David S . Miller" <davem@...emloft.net>
Cc:     netdev <netdev@...r.kernel.org>
Subject: Re: [PATCH net-next] net: metrics: add proper netlink validation



On 06/04/2018 04:54 PM, David Ahern wrote:
> On 6/4/18 4:46 PM, Eric Dumazet wrote:
>> Before using nla_get_u32(), better make sure the attribute
>> is of the proper size.
>>
>> Code recently was changed, but bug has been there from beginning
>> of git.
>>
> ...
>>
>> Fixes: a919525ad832 ("net: Move fib_convert_metrics to metrics file")
> 
> That commit just moved the code from 1 file to another. The previous
> commit id is 6cf9dfd3bd62e, but it just moved code to a helper. The
> originating commit id for the ip_metrics_convert bug is:
> 

Please read what I wrote.

I simply wanted to warn stable teams that your this patch is based on recent tree,
but bug has been there forever.

The Fixes: tag might help them to cook proper backports, thats is all.

A Fixes: tag does not blame the code, it simply gives some hints.


> ea697639992d9 ("net: tcp: add RTAX_CC_ALGO fib handling")
> 

This patch has not added any bug, it was there already.

I can put a (long) list of tags, but ultimately the bug has been there forever.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ