| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20201020115047.GA15628@salvia>
Date: Tue, 20 Oct 2020 13:50:47 +0200
From: Pablo Neira Ayuso <pablo@...filter.org>
To: saeed.mirzamohammadi@...cle.com
Cc: linux-kernel@...r.kernel.org, kadlec@...filter.org, fw@...len.de,
davem@...emloft.net, kuba@...nel.org,
netfilter-devel@...r.kernel.org, coreteam@...filter.org,
netdev@...r.kernel.org
Subject: Re: [PATCH linux-5.9 1/1] net: netfilter: fix KASAN:
slab-out-of-bounds Read in nft_flow_rule_create
On Mon, Oct 19, 2020 at 10:25:32AM -0700, saeed.mirzamohammadi@...cle.com wrote:
> From: Saeed Mirzamohammadi <saeed.mirzamohammadi@...cle.com>
>
> This patch fixes the issue due to:
>
> BUG: KASAN: slab-out-of-bounds in nft_flow_rule_create+0x622/0x6a2
> net/netfilter/nf_tables_offload.c:40
> Read of size 8 at addr ffff888103910b58 by task syz-executor227/16244
>
> The error happens when expr->ops is accessed early on before performing the boundary check and after nft_expr_next() moves the expr to go out-of-bounds.
>
> This patch checks the boundary condition before expr->ops that fixes the slab-out-of-bounds Read issue.
Thanks. I made a slight variant of your patch.
I'm attaching it, it is also fixing the problem but it introduced
nft_expr_more() and use it everywhere.
Let me know if this looks fine to you.
View attachment "0001-netfilter-fix-KASAN-slab-out-of-bounds-Read-in-nft_f.patch" of type "text/x-diff" (3702 bytes)
Powered by blists - more mailing lists