| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20230901044219.10062-1-alexhenrie24@gmail.com>
Date: Thu, 31 Aug 2023 22:41:27 -0600
From: Alex Henrie <alexhenrie24@...il.com>
To: netdev@...r.kernel.org,
jbohac@...e.cz,
benoit.boissinot@...-lyon.org,
davem@...emloft.net,
hideaki.yoshifuji@...aclelinux.com,
dsahern@...nel.org,
pabeni@...hat.com,
kuba@...nel.org
Cc: Alex Henrie <alexhenrie24@...il.com>
Subject: [PATCH v3] net: ipv6/addrconf: avoid integer underflow in ipv6_create_tempaddr
The existing code incorrectly casted a negative value (the result of a
subtraction) to an unsigned value without checking. For example, if
/proc/sys/net/ipv6/conf/*/temp_prefered_lft was set to 1, the preferred
lifetime would jump to 4 billion seconds. On my machine and network the
shortest lifetime that avoided underflow was 3 seconds.
Fixes: 76506a986dc3 ("IPv6: fix DESYNC_FACTOR")
Signed-off-by: Alex Henrie <alexhenrie24@...il.com>
---
Changes from v2:
- Use conventional format for "Fixes" line
- Send separately and leave the other four patches for later
---
net/ipv6/addrconf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 967913ad65e5..0b6ee962c84e 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -1378,7 +1378,7 @@ static int ipv6_create_tempaddr(struct inet6_ifaddr *ifp, bool block)
* idev->desync_factor if it's larger
*/
cnf_temp_preferred_lft = READ_ONCE(idev->cnf.temp_prefered_lft);
- max_desync_factor = min_t(__u32,
+ max_desync_factor = min_t(long,
idev->cnf.max_desync_factor,
cnf_temp_preferred_lft - regen_advance);
--
2.42.0
Powered by blists - more mailing lists