lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Tue, 27 Jul 2021 12:10:22 -0300
From:   Marcelo Ricardo Leitner <marcelo.leitner@...il.com>
To:     Ben Hutchings <ben@...adent.org.uk>
Cc:     netdev@...r.kernel.org, linux-sctp@...r.kernel.org,
        Ilja Van Sprundel <ivansprundel@...ctive.com>,
        Neil Horman <nhorman@...driver.com>,
        Vlad Yasevich <vyasevich@...il.com>,
        Xin Long <lucien.xin@...il.com>, carnil@...ian.org
Subject: Re: [PATCH net 1/4] sctp: validate from_addr_param return

On Tue, Jul 27, 2021 at 04:20:22AM +0200, Ben Hutchings wrote:
> On Mon, Jun 28, 2021 at 04:13:41PM -0300, Marcelo Ricardo Leitner wrote:
> [...]
> > @@ -1174,7 +1175,8 @@ static struct sctp_association *__sctp_rcv_asconf_lookup(
> >  	if (unlikely(!af))
> >  		return NULL;
> >  
> > -	af->from_addr_param(&paddr, param, peer_port, 0);
> > +	if (af->from_addr_param(&paddr, param, peer_port, 0))
> > +		return NULL;
> >  
> >  	return __sctp_lookup_association(net, laddr, &paddr, transportp);
> >  }
> [...]
> 
> This condition needs to be inverted, doesn't it?

Right you are. I'll send a patch today.

Thanks,
Marcelo

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ