| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CANn89iKbvzS0VHa2oxrNQ5MgD1Sv_2wznYrjr+kc3Xq6X-npwA@mail.gmail.com>
Date: Wed, 15 Feb 2023 10:36:38 +0100
From: Eric Dumazet <edumazet@...gle.com>
To: Pedro Tammela <pctammela@...atatu.com>
Cc: netdev@...r.kernel.org, jhs@...atatu.com, xiyou.wangcong@...il.com,
jiri@...nulli.us, davem@...emloft.net, kuba@...nel.org,
pabeni@...hat.com
Subject: Re: [PATCH net] net/sched: tcindex: search key must be 16 bits
On Tue, Feb 14, 2023 at 2:47 AM Pedro Tammela <pctammela@...atatu.com> wrote:
>
> Syzkaller found an issue where a handle greater than 16 bits would trigger
> a null-ptr-deref in the imperfect hash area update.
>
>
> Fixes: ee059170b1f7 ("net/sched: tcindex: update imperfect hash filters respecting rcu")
> Signed-off-by: Jamal Hadi Salim <jhs@...atatu.com>
> Signed-off-by: Pedro Tammela <pctammela@...atatu.com>
Reported-by: syzbot <syzkaller@...glegroups.com>
Reviewed-by: Eric Dumazet <edumazet@...gle.com>
> ---
> net/sched/cls_tcindex.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/net/sched/cls_tcindex.c b/net/sched/cls_tcindex.c
> index ba7f22a49..6640e75ea 100644
> --- a/net/sched/cls_tcindex.c
> +++ b/net/sched/cls_tcindex.c
> @@ -503,7 +503,7 @@ tcindex_set_parms(struct net *net, struct tcf_proto *tp, unsigned long base,
> /* lookup the filter, guaranteed to exist */
> for (cf = rcu_dereference_bh_rtnl(*fp); cf;
> fp = &cf->next, cf = rcu_dereference_bh_rtnl(*fp))
> - if (cf->key == handle)
> + if (cf->key == (u16)handle)
> break;
>
> f->next = cf->next;
> --
> 2.34.1
>
Powered by blists - more mailing lists