| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20181130114732.GX8742@gauss3.secunet.de>
Date: Fri, 30 Nov 2018 12:47:32 +0100
From: Steffen Klassert <steffen.klassert@...unet.com>
To: Florian Westphal <fw@...len.de>
CC: <netdev@...r.kernel.org>, <dan.carpenter@...cle.com>
Subject: Re: [PATCH ipsec-next] xfrm: policy: fix policy hash rebuild
On Tue, Nov 27, 2018 at 01:28:54PM +0100, Florian Westphal wrote:
> Dan Carpenter reports following static checker warning:
> net/xfrm/xfrm_policy.c:1316 xfrm_hash_rebuild()
> warn: 'dir' is out of bounds '3' vs '2'
>
> | 1280 /* reset the bydst and inexact table in all directions */
> | 1281 xfrm_hash_reset_inexact_table(net);
> | 1282
> | 1283 for (dir = 0; dir < XFRM_POLICY_MAX; dir++) {
> | ^^^^^^^^^^^^^^^^^^^^^
> |dir == XFRM_POLICY_MAX at the end of this loop.
> | 1304 /* re-insert all policies by order of creation */
> | 1305 list_for_each_entry_reverse(policy, &net->xfrm.policy_all, walk.all) {
> [..]
> | 1314 xfrm_policy_id2dir(policy->index));
> | 1315 if (!chain) {
> | 1316 void *p = xfrm_policy_inexact_insert(policy, dir, 0);
>
> Fix this by updating 'dir' based on current policy. Otherwise, the
> inexact policies won't be found anymore during lookup, as they get
> hashed to a bogus bin.
>
> Reported-by: Dan Carpenter <dan.carpenter@...cle.com>
> Fixes: cc1bb845adc9 ("xfrm: policy: return NULL when inexact search needed")
> Signed-off-by: Florian Westphal <fw@...len.de>
Applied, thanks Florian!
Powered by blists - more mailing lists