lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Mon, 30 Aug 2021 11:30:06 +0000
From:   patchwork-bot+netdevbpf@...nel.org
To:     Dan Carpenter <dan.carpenter@...cle.com>
Cc:     mani@...nel.org, loic.poulain@...aro.org,
        butterflyhuangxx@...il.com, davem@...emloft.net, kuba@...nel.org,
        bjorn.andersson@...aro.org, linux-arm-msm@...r.kernel.org,
        netdev@...r.kernel.org
Subject: Re: [PATCH v2 net] net: qrtr: make checks in qrtr_endpoint_post()
 stricter

Hello:

This patch was applied to netdev/net-next.git (refs/heads/master):

On Mon, 30 Aug 2021 11:37:17 +0300 you wrote:
> These checks are still not strict enough.  The main problem is that if
> "cb->type == QRTR_TYPE_NEW_SERVER" is true then "len - hdrlen" is
> guaranteed to be 4 but we need to be at least 16 bytes.  In fact, we
> can reject everything smaller than sizeof(*pkt) which is 20 bytes.
> 
> Also I don't like the ALIGN(size, 4).  It's better to just insist that
> data is needs to be aligned at the start.
> 
> [...]

Here is the summary with links:
  - [v2,net] net: qrtr: make checks in qrtr_endpoint_post() stricter
    https://git.kernel.org/netdev/net-next/c/aaa8e4922c88

You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ