| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAM_iQpW3SPXJWeLf3Ck4QHZxetDuYcQJDFChUje3-4By8oGfnA@mail.gmail.com>
Date: Mon, 19 Apr 2021 11:46:40 -0700
From: Cong Wang <xiyou.wangcong@...il.com>
To: Davide Caratti <dcaratti@...hat.com>
Cc: Jamal Hadi Salim <jhs@...atatu.com>, Jiri Pirko <jiri@...nulli.us>,
"David S. Miller" <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>, wenxu <wenxu@...oud.cn>,
Linux Kernel Network Developers <netdev@...r.kernel.org>,
Marcelo Ricardo Leitner <marcelo.leitner@...il.com>
Subject: Re: [PATCH net 2/2] net/sched: sch_frag: fix stack OOB read while
fragmenting IPv4 packets
On Mon, Apr 19, 2021 at 8:24 AM Davide Caratti <dcaratti@...hat.com> wrote:
> diff --git a/net/sched/sch_frag.c b/net/sched/sch_frag.c
> index e1e77d3fb6c0..8c06381391d6 100644
> --- a/net/sched/sch_frag.c
> +++ b/net/sched/sch_frag.c
> @@ -90,16 +90,16 @@ static int sch_fragment(struct net *net, struct sk_buff *skb,
> }
>
> if (skb_protocol(skb, true) == htons(ETH_P_IP)) {
> - struct dst_entry sch_frag_dst;
> + struct rtable sch_frag_rt = { 0 };
Is setting these fields 0 sufficient here? Because normally a struct table
is initialized by rt_dst_alloc() which sets several of them to non-zero,
notably, rt->rt_type and rt->rt_uncached.
Similar for the IPv6 part, which is initialized by rt6_info_init().
Thanks.
Powered by blists - more mailing lists