| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <5f814822-53e5-2d15-894b-073a31378bfe@huawei.com>
Date: Tue, 24 May 2022 15:32:49 +0800
From: wangyufen <wangyufen@...wei.com>
To: Eric Dumazet <edumazet@...gle.com>
CC: David Miller <davem@...emloft.net>,
Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>,
David Ahern <dsahern@...nel.org>,
Jakub Kicinski <kuba@...nel.org>,
Paolo Abeni <pabeni@...hat.com>,
Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
Andrii Nakryiko <andrii@...nel.org>,
Martin KaFai Lau <kafai@...com>,
Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>,
John Fastabend <john.fastabend@...il.com>,
KP Singh <kpsingh@...nel.org>, netdev <netdev@...r.kernel.org>,
bpf <bpf@...r.kernel.org>
Subject: Re: [PATCH net-next] ipv6: Fix signed integer overflow in
__ip6_append_data
在 2022/5/24 11:54, Eric Dumazet 写道:
> On Mon, May 23, 2022 at 8:29 PM Wang Yufen <wangyufen@...wei.com> wrote:
>> Resurrect ubsan overflow checks and ubsan report this warning,
>> fix it by change len check from INT_MAX to IPV6_MAXPLEN.
>>
>> UBSAN: signed-integer-overflow in net/ipv6/ip6_output.c:1489:19
>> 2147479552 + 8567 cannot be represented in type 'int'
> OK, so why not fix this point, instead of UDP, which is only one of
> the possible callers ?
>
> It seems the check in __ip6_append_data() should be unsigned.
> .
I modified it based on the IPv4 process:
udp_sendmsg->ip_append_data->__ip_append_data
The other callers may have the same issue, it would be
more appropriate to change the variable [length]
to size_t in the entire process. I'll try to change it.
Thanks.
Powered by blists - more mailing lists