| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1585813930-19712-1-git-send-email-lirongqing@baidu.com>
Date: Thu, 2 Apr 2020 15:52:10 +0800
From: Li RongQing <lirongqing@...du.com>
To: netdev@...r.kernel.org, bpf@...r.kernel.org, kevin.laatz@...el.com,
ciara.loftus@...el.com, bruce.richardson@...el.com,
jonathan.lemon@...il.com, daniel@...earbox.net
Subject: [PATCH] xsk: fix out of boundary write in __xsk_rcv_memcpy
first_len is remainder of first page, if write size is
larger than it, out of page boundary write will happen
Fixes: c05cd3645814 "(xsk: add support to allow unaligned chunk placement)"
Signed-off-by: Li RongQing <lirongqing@...du.com>
---
net/xdp/xsk.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/net/xdp/xsk.c b/net/xdp/xsk.c
index 356f90e4522b..c350108aa38d 100644
--- a/net/xdp/xsk.c
+++ b/net/xdp/xsk.c
@@ -131,8 +131,9 @@ static void __xsk_rcv_memcpy(struct xdp_umem *umem, u64 addr, void *from_buf,
u64 page_start = addr & ~(PAGE_SIZE - 1);
u64 first_len = PAGE_SIZE - (addr - page_start);
- memcpy(to_buf, from_buf, first_len + metalen);
- memcpy(next_pg_addr, from_buf + first_len, len - first_len);
+ memcpy(to_buf, from_buf, first_len);
+ memcpy(next_pg_addr, from_buf + first_len,
+ len + metalen - first_len);
return;
}
--
2.16.2
Powered by blists - more mailing lists