| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 11 Oct 2020 09:54:36 -0700
From: Jakub Kicinski <kuba@...nel.org>
To: Anmol Karn <anmol.karan123@...il.com>
Cc: davem@...emloft.net, mkubecek@...e.cz, andrew@...n.ch,
f.fainelli@...il.com, dan.carpenter@...cle.com,
netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-kernel-mentees@...ts.linuxfoundation.org,
syzkaller-bugs@...glegroups.com,
syzbot+9d1389df89299fa368dc@...kaller.appspotmail.com
Subject: Re: [Linux-kernel-mentees] [PATCH net] ethtool: strset: Fix out of
bound read in strset_parse_request()
On Sun, 11 Oct 2020 02:39:29 +0530 Anmol Karn wrote:
> Flag ``ETHTOOL_A_STRSET_COUNTS_ONLY`` tells the kernel to only return the string
> counts of the sets, but, when req_info->counts_only tries to read the
> tb[ETHTOOL_A_STRSET_COUNTS_ONLY] it gets out of bound.
>
> - net/ethtool/strset.c
> The bug seems to trigger in this line:
>
> req_info->counts_only = tb[ETHTOOL_A_STRSET_COUNTS_ONLY];
>
> Fix it by NULL checking for req_info->counts_only while
> reading from tb[ETHTOOL_A_STRSET_COUNTS_ONLY].
>
> Reported-by: syzbot+9d1389df89299fa368dc@...kaller.appspotmail.com
> Link: https://syzkaller.appspot.com/bug?id=730deff8fe9954a5e317924d9acff98d9c64a770
> Signed-off-by: Anmol Karn <anmol.karan123@...il.com>
I think the correct fix for this was already applied to net-next as:
commit db972e532518 ("ethtool: strset: allow ETHTOOL_A_STRSET_COUNTS_ONLY attr")
Powered by blists - more mailing lists