lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Mon, 26 Jul 2021 22:40:27 -0400
From:   Paul Moore <paul@...l-moore.com>
To:     Pavel Skripkin <paskripkin@...il.com>
Cc:     davem@...emloft.net, yoshfuji@...ux-ipv6.org, dsahern@...nel.org,
        kuba@...nel.org, netdev@...r.kernel.org,
        linux-security-module@...r.kernel.org,
        linux-kernel@...r.kernel.org,
        syzbot+cdd51ee2e6b0b2e18c0d@...kaller.appspotmail.com
Subject: Re: [PATCH 1/2] net: cipso: fix warnings in netlbl_cipsov4_add_std

On Mon, Jul 26, 2021 at 7:11 AM Pavel Skripkin <paskripkin@...il.com> wrote:
> On Sat, 10 Jul 2021 10:03:13 +0300
> Pavel Skripkin <paskripkin@...il.com> wrote:
>
> > Syzbot reported warning in netlbl_cipsov4_add(). The
> > problem was in too big doi_def->map.std->lvl.local_size
> > passed to kcalloc(). Since this value comes from userpace there is
> > no need to warn if value is not correct.
> >
> > The same problem may occur with other kcalloc() calls in
> > this function, so, I've added __GFP_NOWARN flag to all
> > kcalloc() calls there.
> >
> > Reported-and-tested-by:
> > syzbot+cdd51ee2e6b0b2e18c0d@...kaller.appspotmail.com Fixes:
> > 96cb8e3313c7 ("[NetLabel]: CIPSOv4 and Unlabeled packet integration")
> > Signed-off-by: Pavel Skripkin <paskripkin@...il.com> ---
> >  net/netlabel/netlabel_cipso_v4.c | 8 ++++----
> >  1 file changed, 4 insertions(+), 4 deletions(-)
>
> Hi, net developers!
>
> Is this patch merged somewhere? I've checked net tree and Paul Moore
> tree on https://git.kernel.org/, but didn't find it. Did I miss it
> somewhere? If not, it's just a gentle ping :)
>
> Btw: maybe I should send it as separete patch, since 2/2 in this
> series is invalid as already in-tree?

I'm not sure why this hasn't been picked up yet, but I suppose
resubmitting just this patch couldn't hurt.  Don't forget to include
my ACK if you do.

-- 
paul moore
www.paul-moore.com

Powered by blists - more mailing lists