| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 27 Sep 2023 11:29:18 +0300 From: David Kahurani <k.kahurani@...il.com> To: xen-devel@...ts.xenproject.org Cc: netdev@...r.kernel.org, wei.liu@...nel.org, paul@....org, David Kahurani <k.kahurani@...il.com> Subject: [PATCH] net/xen-netback: Break build if netback slots > max_skbs + 1 If XEN_NETBK_LEGACY_SLOTS_MAX and MAX_SKB_FRAGS have a difference of more than 1, with MAX_SKB_FRAGS being the lesser value, it opens up a path for null-dereference. It was also noted that some distributions were modifying upstream behaviour in that direction which necessitates this patch. Signed-off-by: David Kahurani <k.kahurani@...il.com> --- drivers/net/xen-netback/netback.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/net/xen-netback/netback.c b/drivers/net/xen-netback/netback.c index 88f760a7cbc3..df032e33787f 100644 --- a/drivers/net/xen-netback/netback.c +++ b/drivers/net/xen-netback/netback.c @@ -1005,6 +1005,7 @@ static void xenvif_tx_build_gops(struct xenvif_queue *queue, break; } + BUILD_BUG_ON(XEN_NETBK_LEGACY_SLOTS_MAX > MAX_SKB_FRAGS + 1); if (ret >= XEN_NETBK_LEGACY_SLOTS_MAX - 1 && data_len < txreq.size) data_len = txreq.size; -- 2.25.1
Powered by blists - more mailing lists