lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 25 May 2020 18:10:08 -0700 (PDT) From: David Miller <davem@...emloft.net> To: horatiu.vultur@...rochip.com Cc: nikolay@...ulusnetworks.com, roopa@...ulusnetworks.com, kuba@...nel.org, andrew@...n.ch, UNGLinuxDriver@...rochip.com, bridge@...ts.linux-foundation.org, netdev@...r.kernel.org, linux-kernel@...r.kernel.org, syzbot+9c6f0f1f8e32223df9a4@...kaller.appspotmail.com Subject: Re: [PATCH] bridge: mrp: Fix out-of-bounds read in br_mrp_parse From: Horatiu Vultur <horatiu.vultur@...rochip.com> Date: Mon, 25 May 2020 09:55:41 +0000 > The issue was reported by syzbot. When the function br_mrp_parse was > called with a valid net_bridge_port, the net_bridge was an invalid > pointer. Therefore the check br->stp_enabled could pass/fail > depending where it was pointing in memory. > The fix consists of setting the net_bridge pointer if the port is a > valid pointer. > > Reported-by: syzbot+9c6f0f1f8e32223df9a4@...kaller.appspotmail.com > Fixes: 6536993371fa ("bridge: mrp: Integrate MRP into the bridge") > Signed-off-by: Horatiu Vultur <horatiu.vultur@...rochip.com> Applied to net-next, thanks.
Powered by blists - more mailing lists