lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Tue, 04 Feb 2020 11:43:50 +0100 (CET)
From:   David Miller <davem@...emloft.net>
To:     xiyou.wangcong@...il.com
Cc:     netdev@...r.kernel.org,
        syzbot+35d4dea36c387813ed31@...kaller.appspotmail.com,
        eric.dumazet@...il.com, john.fastabend@...il.com, jhs@...atatu.com,
        jiri@...nulli.us, kuba@...nel.org
Subject: Re: [Patch net v2] net_sched: fix an OOB access in cls_tcindex

From: Cong Wang <xiyou.wangcong@...il.com>
Date: Sun,  2 Feb 2020 21:14:35 -0800

> As Eric noticed, tcindex_alloc_perfect_hash() uses cp->hash
> to compute the size of memory allocation, but cp->hash is
> set again after the allocation, this caused an out-of-bound
> access.
> 
> So we have to move all cp->hash initialization and computation
> before the memory allocation. Move cp->mask and cp->shift together
> as cp->hash may need them for computation too.
> 
> Reported-and-tested-by: syzbot+35d4dea36c387813ed31@...kaller.appspotmail.com
> Fixes: 331b72922c5f ("net: sched: RCU cls_tcindex")
> Cc: Eric Dumazet <eric.dumazet@...il.com>
> Cc: John Fastabend <john.fastabend@...il.com>
> Cc: Jamal Hadi Salim <jhs@...atatu.com>
> Cc: Jiri Pirko <jiri@...nulli.us>
> Cc: Jakub Kicinski <kuba@...nel.org>
> Signed-off-by: Cong Wang <xiyou.wangcong@...il.com>

Applied and queued up for -stable, thanks Cong.

Powered by blists - more mailing lists