[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-Id: <20200728.173341.1412402860749304096.davem@davemloft.net>
Date: Tue, 28 Jul 2020 17:33:41 -0700 (PDT)
From: David Miller <davem@...emloft.net>
To: bkkarthik@...u.pes.edu
Cc: herbert@...dor.apana.org.au, kuznet@....inr.ac.ru,
yoshfuji@...ux-ipv6.org, kuba@...nel.org, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org, gregkh@...uxfoundation.org,
skhan@...uxfounation.org
Subject: Re: [PATCH] net: ipv6: fix slab-out-of-bounds Read in
__xfrm6_tunnel_spi_check
From: B K Karthik <bkkarthik@...u.pes.edu>
Date: Sat, 25 Jul 2020 19:00:31 +0530
> use spi_byaddr instead of spi_byspi
...
> diff --git a/net/ipv6/xfrm6_tunnel.c b/net/ipv6/xfrm6_tunnel.c
> index 25b7ebda2fab..cab7693ccfe3 100644
> --- a/net/ipv6/xfrm6_tunnel.c
> +++ b/net/ipv6/xfrm6_tunnel.c
> @@ -103,10 +103,10 @@ static int __xfrm6_tunnel_spi_check(struct net *net, u32 spi)
> {
> struct xfrm6_tunnel_net *xfrm6_tn = xfrm6_tunnel_pernet(net);
> struct xfrm6_tunnel_spi *x6spi;
> - int index = xfrm6_tunnel_spi_hash_byspi(spi);
> + int index = xfrm6_tunnel_spi_hash_byaddr(spi);
You are passing a u32 integer into a function that expects a pointer as an
argument.
This change isn't even compile tested properly, let alone run tested.
Please stop making such careless submissions, this takes up valuable
developer patch review resources.
Thank you.
Powered by blists - more mailing lists