lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 29 Dec 2020 17:01:27 +0100 From: Florian Westphal <fw@...len.de> To: Visa Hankala <visa@...kala.org> Cc: Florian Westphal <fw@...len.de>, Steffen Klassert <steffen.klassert@...unet.com>, Herbert Xu <herbert@...dor.apana.org.au>, "David S. Miller" <davem@...emloft.net>, netdev@...r.kernel.org Subject: Re: [PATCH] xfrm: Fix wraparound in xfrm_policy_addr_delta() Visa Hankala <visa@...kala.org> wrote: > Use three-way comparison for address elements to avoid integer > wraparound in the result of xfrm_policy_addr_delta(). > > This ensures that the search trees are built and traversed correctly > when the difference between compared address elements is larger > than INT_MAX. Please provide an update to tools/testing/selftests/net/xfrm_policy.sh that shows that this is a problem. > switch (family) { > case AF_INET: > - if (sizeof(long) == 4 && prefixlen == 0) > - return ntohl(a->a4) - ntohl(b->a4); > - return (ntohl(a->a4) & ((~0UL << (32 - prefixlen)))) - > - (ntohl(b->a4) & ((~0UL << (32 - prefixlen)))); > + mask = ~0U << (32 - prefixlen); > + ma = ntohl(a->a4) & mask; > + mb = ntohl(b->a4) & mask; This is suspicious. Is prefixlen == 0 impossible? If not, then after patch mask = ~0U << 32; ... and function returns 0.
Powered by blists - more mailing lists