lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Wed, 22 Jul 2020 03:20:59 -0700
From:   Mark Salyzyn <>
To:     Steffen Klassert <>
Cc:,,, Herbert Xu <>,
        "David S. Miller" <>,
        Jakub Kicinski <>
Subject: Re: af_key: pfkey_dump needs parameter validation

On 7/22/20 2:33 AM, Steffen Klassert wrote:
> On Tue, Jul 21, 2020 at 06:23:54AM -0700, Mark Salyzyn wrote:
>> In pfkey_dump() dplen and splen can both be specified to access the
>> xfrm_address_t structure out of bounds in__xfrm_state_filter_match()
>> when it calls addr_match() with the indexes.  Return EINVAL if either
>> are out of range.
>> Signed-off-by: Mark Salyzyn <>
>> Cc:
>> Cc:
>> Cc:
>> ---
>> Should be back ported to the stable queues because this is a out of
>> bounds access.
> Please do a v2 and add a proper 'Fixes' tag if this is a fix that
> needs to be backported.
> Thanks!

Confused because this code was never right? From 2008 there was a 
rewrite that instantiated this fragment of code so that it could handle 
continuations for overloaded receive queues, but it was not right before 
the adjustment.

Fixes: 83321d6b9872b94604e481a79dc2c8acbe4ece31 ("[AF_KEY]: Dump SA/SP 
entries non-atomically")

that is reaching back more than 12 years and the blame is poorly aimed 

Sincerely -- Mark Salyzyn

Powered by blists - more mailing lists