| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20230829054623.104293-2-alexhenrie24@gmail.com> Date: Mon, 28 Aug 2023 23:44:43 -0600 From: Alex Henrie <alexhenrie24@...il.com> To: netdev@...r.kernel.org, jbohac@...e.cz, benoit.boissinot@...-lyon.org, davem@...emloft.net, hideaki.yoshifuji@...aclelinux.com, dsahern@...nel.org, pabeni@...hat.com Cc: Alex Henrie <alexhenrie24@...il.com> Subject: [PATCH v2 1/5] net: ipv6/addrconf: avoid integer underflow in ipv6_create_tempaddr The existing code incorrectly casted a negative value (the result of a subtraction) to an unsigned value without checking. For example, if /proc/sys/net/ipv6/conf/*/temp_prefered_lft was set to 1, the preferred lifetime would jump to 4 billion seconds. On my machine and network the shortest lifetime that avoided underflow was 3 seconds. Fixes: 76506a986dc3 (IPv6: fix DESYNC_FACTOR, 2016-10-13) Signed-off-by: Alex Henrie <alexhenrie24@...il.com> --- net/ipv6/addrconf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c index 94cec2075eee..c93a2b9a9172 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c @@ -1368,7 +1368,7 @@ static int ipv6_create_tempaddr(struct inet6_ifaddr *ifp, bool block) * idev->desync_factor if it's larger */ cnf_temp_preferred_lft = READ_ONCE(idev->cnf.temp_prefered_lft); - max_desync_factor = min_t(__u32, + max_desync_factor = min_t(long, idev->cnf.max_desync_factor, cnf_temp_preferred_lft - regen_advance); -- 2.42.0
Powered by blists - more mailing lists