lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 04 Feb 2020 11:43:50 +0100 (CET) From: David Miller <davem@...emloft.net> To: xiyou.wangcong@...il.com Cc: netdev@...r.kernel.org, syzbot+35d4dea36c387813ed31@...kaller.appspotmail.com, eric.dumazet@...il.com, john.fastabend@...il.com, jhs@...atatu.com, jiri@...nulli.us, kuba@...nel.org Subject: Re: [Patch net v2] net_sched: fix an OOB access in cls_tcindex From: Cong Wang <xiyou.wangcong@...il.com> Date: Sun, 2 Feb 2020 21:14:35 -0800 > As Eric noticed, tcindex_alloc_perfect_hash() uses cp->hash > to compute the size of memory allocation, but cp->hash is > set again after the allocation, this caused an out-of-bound > access. > > So we have to move all cp->hash initialization and computation > before the memory allocation. Move cp->mask and cp->shift together > as cp->hash may need them for computation too. > > Reported-and-tested-by: syzbot+35d4dea36c387813ed31@...kaller.appspotmail.com > Fixes: 331b72922c5f ("net: sched: RCU cls_tcindex") > Cc: Eric Dumazet <eric.dumazet@...il.com> > Cc: John Fastabend <john.fastabend@...il.com> > Cc: Jamal Hadi Salim <jhs@...atatu.com> > Cc: Jiri Pirko <jiri@...nulli.us> > Cc: Jakub Kicinski <kuba@...nel.org> > Signed-off-by: Cong Wang <xiyou.wangcong@...il.com> Applied and queued up for -stable, thanks Cong.
Powered by blists - more mailing lists