Message-ID: <4c64dd30-b742-cc54-540d-f81f6f0ecc18@c-s.fr>
Date:   Sat, 15 Feb 2020 18:58:39 +0100
From:   Christophe Leroy <christophe.leroy@....fr>
To:     "netdev@...r.kernel.org" <netdev@...r.kernel.org>
Subject: [netlink_bind()] [Bug 206525] BUG: KASAN: stack-out-of-bounds in
 test_bit+0x30/0x44 (kernel 5.6-rc1)




-------- Forwarded Message --------
Subject: [Bug 206525] BUG: KASAN: stack-out-of-bounds in test_bit+0x30/0x44 (kernel 5.6-rc1)
Date: Sat, 15 Feb 2020 17:52:44 +0000
From: bugzilla-daemon@...zilla.kernel.org
To: linuxppc-dev@...ts.ozlabs.org

https://bugzilla.kernel.org/show_bug.cgi?id=206525

--- Comment #3 from Christophe Leroy (christophe.leroy@....fr) ---
Bug introduced by commit ("cf5bddb95cbe net: bridge: vlan: add rtnetlink group and notify support")

RTNLGRP_MAX is now 33.

'unsigned long groups' is 32 bits long on PPC32

Following loop in netlink_bind() overflows.


                 for (group = 0; group < nlk->ngroups; group++) {
                         if (!test_bit(group, &groups))
                                 continue;
                         err = nlk->netlink_bind(net, group + 1);
                         if (!err)
                                 continue;
                         netlink_undo_bind(group, groups, sk);
                         goto unlock;
                 }


Should 'groups' be changed to 'unsigned long long'?

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
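
Added example, not part of the original message or the kernel source: a user-space C model of the loop quoted above, with the mask fixed at 32 bits as on PPC32, showing that ngroups = 33 makes the scan read one word past the mask and that capping the loop at the mask width avoids it. The helper names, the constructed mask value and the bounded variant are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define WORD_BITS 32u   /* width of 'unsigned long' on PPC32, per the report */

/* test_bit()-style read over nwords 32-bit words; -1 flags an out-of-bounds word. */
static int test_bit_checked(unsigned int nr, const uint32_t *addr, size_t nwords)
{
    size_t word = nr / WORD_BITS;

    if (word >= nwords)
        return -1;
    return (int)((addr[word] >> (nr % WORD_BITS)) & 1u);
}

/* Same loop shape as the quoted code: counts reads that leave the one-word mask. */
static unsigned int oob_reads(uint32_t groups, unsigned int ngroups)
{
    unsigned int group, oob = 0;

    for (group = 0; group < ngroups; group++)
        if (test_bit_checked(group, &groups, 1) < 0)
            oob++;
    return oob;
}

/* Bounded variant (hypothetical): never scans past the mask width; returns set groups seen. */
static unsigned int bound_groups(uint32_t groups, unsigned int ngroups)
{
    unsigned int limit = ngroups < WORD_BITS ? ngroups : WORD_BITS;
    unsigned int group, bound = 0;

    for (group = 0; group < limit; group++)
        if (test_bit_checked(group, &groups, 1) == 1)
            bound++;
    return bound;
}

int main(void)
{
    uint32_t groups = 0x80000005u;   /* constructed mask: bits 0, 2 and 31 set */

    printf("ngroups=32: %u out-of-bounds reads\n", oob_reads(groups, 32));
    printf("ngroups=33: %u out-of-bounds reads\n", oob_reads(groups, 33));
    printf("bounded loop, ngroups=33: %u groups\n", bound_groups(groups, 33));
    return 0;
}
```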
