lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Mon, 17 Aug 2020 08:29:23 -0700
From:   Jakub Kicinski <kuba@...nel.org>
To:     Necip Fazil Yildiran <fazilyildiran@...il.com>
Cc:     davem@...emloft.net, bjorn.andersson@...aro.org,
        netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
        dvyukov@...gle.com, elver@...gle.com, andreyknvl@...gle.com,
        glider@...gle.com, necip@...gle.com,
        syzbot+f31428628ef672716ea8@...kaller.appspotmail.com
Subject: Re: [PATCH v2] net: qrtr: fix usage of idr in port assignment to
 socket

On Mon, 17 Aug 2020 07:39:01 +0000 Necip Fazil Yildiran wrote:
> From: Necip Fazil Yildiran <necip@...gle.com>
> 
> Passing large uint32 sockaddr_qrtr.port numbers for port allocation
> triggers a warning within idr_alloc() since the port number is cast
> to int, and thus interpreted as a negative number. This leads to
> the rejection of such valid port numbers in qrtr_port_assign() as
> idr_alloc() fails.
> 
> To avoid the problem, switch to idr_alloc_u32() instead.
> 
> Fixes: bdabad3e36 ("net: Add Qualcomm IPC router")
> Reported-by: syzbot+f31428628ef672716ea8@...kaller.appspotmail.com
> Signed-off-by: Necip Fazil Yildiran <necip@...gle.com>
> Reviewed-by: Dmitry Vyukov <dvyukov@...gle.com>

Fixes tag: Fixes: bdabad3e36 ("net: Add Qualcomm IPC router")
Has these problem(s):
	- SHA1 should be at least 12 digits long
	  Can be fixed by setting core.abbrev to 12 (or more) or (for git v2.11
	  or later) just making sure it is not set (or set to "auto").

Powered by blists - more mailing lists