Date:   Tue, 23 Aug 2022 10:40:13 +0200
From:   Stefan Schmidt <stefan@...enfreihafen.org>
To:     Haimin Zhang <tcs.kernel@...il.com>, alex.aring@...il.com,
        davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org,
        pabeni@...hat.com, linux-wpan@...r.kernel.org,
        netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Cc:     Haimin Zhang <tcs_kernel@...cent.com>
Subject: Re: [PATCH] net/ieee802154: fix uninit value bug in dgram_sendmsg

Hello.

On 22.08.22 09:19, Haimin Zhang wrote:
> There is an uninit value bug in the dgram_sendmsg function in
> net/ieee802154/socket.c when the length of valid data pointed to by
> msg->msg_name isn't verified.
> 
> This length is specified by msg->msg_namelen. Function
> ieee802154_addr_from_sa is called by dgram_sendmsg, which uses
> msg->msg_name as struct sockaddr_ieee802154* and reads it; that will
> eventually lead to an uninit value read. So we should check that the
> length of msg->msg_name is not less than sizeof(struct sockaddr_ieee802154)
> before entering ieee802154_addr_from_sa.
> 
> Signed-off-by: Haimin Zhang <tcs_kernel@...cent.com>


This patch has been applied to the wpan tree and will be
part of the next pull request to net. Thanks!

Btw, I got a warning from the checkpatch script that your author and SOB 
email addresses do not match. Might be a good idea to fix this.
If you are having trouble sending patches through the company mail 
server there is always the option to use the gmail address for sending 
the mail and an internal From: header in the patch to fix up the author.

regards
Stefan Schmidt
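
The length check described in the quoted commit message, modelled in user-space C as an added example (this is not the applied patch and not kernel code). `demo_sockaddr`, `demo_send` and the 0xAA poison fill are hypothetical stand-ins; the model assumes only `msg_namelen` bytes of the address buffer come from the caller and the rest is stale.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-in for struct sockaddr_ieee802154 (not the kernel layout). */
struct demo_sockaddr {
    uint16_t family;
    uint16_t pan_id;
    uint8_t  hwaddr[8];
};

#define DEMO_POISON 0xAA /* marks bytes the caller never supplied */

/* Before: reads a full address no matter how many bytes were supplied. */
static int demo_pan_id_unchecked(const unsigned char *name, uint16_t *pan_id)
{
    struct demo_sockaddr sa;
    memcpy(&sa, name, sizeof(sa));
    *pan_id = sa.pan_id;
    return 0;
}

/* After: reject a short name before any field is read. */
static int demo_pan_id_checked(const unsigned char *name, size_t len, uint16_t *pan_id)
{
    if (len < sizeof(struct demo_sockaddr))
        return -EINVAL;
    return demo_pan_id_unchecked(name, pan_id);
}

/* Model of a send: only namelen bytes of the address buffer are valid. */
int demo_send(const void *name, size_t namelen, int checked, uint16_t *pan_id)
{
    unsigned char kbuf[128];
    memset(kbuf, DEMO_POISON, sizeof(kbuf)); /* stale buffer contents */
    if (namelen > sizeof(kbuf))
        namelen = sizeof(kbuf);
    memcpy(kbuf, name, namelen);
    return checked ? demo_pan_id_checked(kbuf, namelen, pan_id)
                   : demo_pan_id_unchecked(kbuf, pan_id);
}

int main(void)
{
    struct demo_sockaddr sa = { 36, 0x1234, { 1, 2, 3, 4, 5, 6, 7, 8 } }; /* constructed */
    uint16_t pan = 0;
    return demo_send(&sa, 2, 1, &pan) == -EINVAL ? 0 : 1; /* short name rejected */
}
```

With a 2-byte name the unchecked path returns success and a `pan_id` built entirely from poison bytes, which is the uninitialized read the commit message describes; the checked path fails before touching any field.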
