| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20190311.103037.1736601922338617214.davem@davemloft.net>
Date: Mon, 11 Mar 2019 10:30:37 -0700 (PDT)
From: David Miller <davem@...emloft.net>
To: linmiaohe@...wei.com
Cc: kuznet@....inr.ac.ru, yoshfuji@...ux-ipv6.org,
netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
mingfangsen@...wei.com
Subject: Re: [PATCH net] net: sit: fix UBSAN Undefined behaviour in
check_6rd
From: David Miller <davem@...emloft.net>
Date: Mon, 11 Mar 2019 10:29:37 -0700 (PDT)
> From: linmiaohe <linmiaohe@...wei.com>
> Date: Mon, 11 Mar 2019 16:29:32 +0800
>
>> @@ -778,8 +778,9 @@ static bool check_6rd(struct ip_tunnel *tunnel, const struct in6_addr *v6dst,
>> pbw0 = tunnel->ip6rd.prefixlen >> 5;
>> pbi0 = tunnel->ip6rd.prefixlen & 0x1f;
>>
>> - d = (ntohl(v6dst->s6_addr32[pbw0]) << pbi0) >>
>> - tunnel->ip6rd.relay_prefixlen;
>> + d = tunnel->ip6rd.relay_prefixlen < 32 ?
>> + (ntohl(v6dst->s6_addr32[pbw0]) << pbi0) >>
>> + tunnel->ip6rd.relay_prefixlen : 0;
>>
>
> I hate the fact that we have to guard against something which the rest
> of the code makes sure NEVER EVER happens.
>
> Every assignment of ->relay_prefixlen is guarded by a check against 32.
Sorry, I now understand, it can equal 32.
I'll apply this, thank you.
Powered by blists - more mailing lists