lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Sun, 11 Oct 2020 09:54:36 -0700
From:   Jakub Kicinski <kuba@...nel.org>
To:     Anmol Karn <anmol.karan123@...il.com>
Cc:     davem@...emloft.net, mkubecek@...e.cz, andrew@...n.ch,
        f.fainelli@...il.com, dan.carpenter@...cle.com,
        netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
        linux-kernel-mentees@...ts.linuxfoundation.org,
        syzkaller-bugs@...glegroups.com,
        syzbot+9d1389df89299fa368dc@...kaller.appspotmail.com
Subject: Re: [Linux-kernel-mentees] [PATCH net] ethtool: strset: Fix out of
 bound read in strset_parse_request()

On Sun, 11 Oct 2020 02:39:29 +0530 Anmol Karn wrote:
> Flag ``ETHTOOL_A_STRSET_COUNTS_ONLY`` tells the kernel to only return the string 
> counts of the sets, but, when req_info->counts_only tries to read the 
> tb[ETHTOOL_A_STRSET_COUNTS_ONLY] it gets out of bound. 
> 
> - net/ethtool/strset.c
> The bug seems to trigger in this line:
> 
> req_info->counts_only = tb[ETHTOOL_A_STRSET_COUNTS_ONLY];
> 
> Fix it by NULL checking for req_info->counts_only while 
> reading from tb[ETHTOOL_A_STRSET_COUNTS_ONLY].
> 
> Reported-by: syzbot+9d1389df89299fa368dc@...kaller.appspotmail.com 
> Link: https://syzkaller.appspot.com/bug?id=730deff8fe9954a5e317924d9acff98d9c64a770 
> Signed-off-by: Anmol Karn <anmol.karan123@...il.com>

I think the correct fix for this was already applied to net-next as:

 commit db972e532518 ("ethtool: strset: allow ETHTOOL_A_STRSET_COUNTS_ONLY attr")

Powered by blists - more mailing lists