| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <197f8d43-d6fa-e701-92ba-81148fc139a5@gmail.com>
Date: Sat, 22 Aug 2020 09:45:13 -0600
From: David Ahern <dsahern@...il.com>
To: Nikolay Aleksandrov <nikolay@...ulusnetworks.com>,
netdev@...r.kernel.org
Cc: davem@...emloft.net,
syzbot+a61aa19b0c14c8770bd9@...kaller.appspotmail.com
Subject: Re: [PATCH net v2] net: nexthop: don't allow empty NHA_GROUP
On 8/22/20 6:06 AM, Nikolay Aleksandrov wrote:
> Currently the nexthop code will use an empty NHA_GROUP attribute, but it
> requires at least 1 entry in order to function properly. Otherwise we
> end up derefencing null or random pointers all over the place due to not
> having any nh_grp_entry members allocated, nexthop code relies on having at
> least the first member present. Empty NHA_GROUP doesn't make any sense so
> just disallow it.
> Also add a WARN_ON for any future users of nexthop_create_group().
>
...
>
> CC: David Ahern <dsahern@...il.com>
> Fixes: 430a049190de ("nexthop: Add support for nexthop groups")
> Reported-by: syzbot+a61aa19b0c14c8770bd9@...kaller.appspotmail.com
> Signed-off-by: Nikolay Aleksandrov <nikolay@...ulusnetworks.com>
> ---
> Tested on 5.3 and latest -net by adding a nexthop with an empty NHA_GROUP
> (purposefully broken iproute2) and then adding a route which uses it.
>
> v2: no changes, include stack trace in commit message
>
> net/ipv4/nexthop.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
Reviewed-by: David Ahern <dsahern@...il.com>
Thanks, Nik
Powered by blists - more mailing lists