| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20220519175110.4b9c0a45@kernel.org>
Date: Thu, 19 May 2022 17:51:10 -0700
From: Jakub Kicinski <kuba@...nel.org>
To: Nikolaus Vladutescu-Zopp <nikolaus@...dutescu-zopp.com>
Cc: irusskikh@...vell.com, davem@...emloft.net, edumazet@...gle.com,
pabeni@...hat.com, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org, blairuk@...il.com,
kai.heng.feng@...onical.com
Subject: Re: [PATCH] net: atlantic: Avoid out-of-bounds indexing
On Thu, 19 May 2022 03:09:50 +0200 Nikolaus Vladutescu-Zopp wrote:
> A UBSAN warning is observed on atlantic driver:
>
> [ 16.257086] UBSAN: array-index-out-of-bounds in
> drivers/net/ethernet/aquantia/atlantic/aq_nic.c:1268:48
> [ 16.257090] index 8 is out of range for type 'aq_vec_s *[8]'
>
> The index is assigned right before breaking out the loop, so there's no
> actual deferencing happening.
> So only use the index inside the loop to fix the issue.
>
> Same issue was observed and corrected in two other places.
>
> BugLink: https://bugs.launchpad.net/bugs/1958770
> Suggested-by: bsdz <blairuk@...il.com>
> Suggested-by: Kai-Heng Feng <kai.heng.feng@...onical.com>
> Tested-by: Nikolaus Vladutescu-Zopp <nikolaus@...dutescu-zopp.com>
> Signed-off-by: Nikolaus Vladutescu-Zopp <nikolaus@...dutescu-zopp.com>
The patch does not apply, please rebase on net/master:
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/
and repost. Please use [PATCH net] as the subject prefix. Please add
a Fixes tag, if possible. Please replace "bsdz" with the person's name
or remove that tag.
Powered by blists - more mailing lists