| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20200728.173629.741539582090080322.davem@davemloft.net>
Date: Tue, 28 Jul 2020 17:36:29 -0700 (PDT)
From: David Miller <davem@...emloft.net>
To: bkkarthik@...u.pes.edu
Cc: steffen.klassert@...unet.com, herbert@...dor.apana.org.au,
kuznet@....inr.ac.ru, yoshfuji@...ux-ipv6.org, kuba@...nel.org,
netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
gregkh@...uxfoundation.org, skhan@...uxfoundation.org,
linux-kernel-mentees@...ts.linuxfoundation.org
Subject: Re: [PATCH v2] net: ipv6: fix use-after-free Read in
__xfrm6_tunnel_spi_lookup
From: B K Karthik <bkkarthik@...u.pes.edu>
Date: Sun, 26 Jul 2020 08:38:55 +0530
> @@ -103,10 +103,10 @@ static int __xfrm6_tunnel_spi_check(struct net *net, u32 spi)
> {
> struct xfrm6_tunnel_net *xfrm6_tn = xfrm6_tunnel_pernet(net);
> struct xfrm6_tunnel_spi *x6spi;
> - int index = xfrm6_tunnel_spi_hash_byspi(spi);
> + int index = xfrm6_tunnel_spi_hash_byaddr((const xfrm_address_t *)spi);
We can cast this a thousand times to make the compiler quiet, but the
fact is that this function does not expect an integer SPI as an
argument.
It expects a protocol address.
Please stop forcing this fix, I fear you don't understand how this code
works. Come back to us when you do.
Thank you.
Powered by blists - more mailing lists