Message-ID: <CAFqe=z+bnNayKaxEnEFar28Q__yZ9Byaxe3YwtMaBEsASG2VwA@mail.gmail.com>
Date: Thu, 9 May 2024 12:49:47 +0200
From: Jannik Glückert <jannik.glueckert@...il.com>
To: Johannes Berg <johannes@...solutions.net>
Cc: Bagas Sanjaya <bagasdotme@...il.com>, 
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, Linux Networking <netdev@...r.kernel.org>, 
	Linux Wireless <linux-wireless@...r.kernel.org>, Jouni Malinen <jouni.malinen@...eros.com>, 
	"John W. Linville" <linville@...driver.com>, Kalle Valo <kvalo@...nel.org>, 
	Emmanuel Grumbach <emmanuel.grumbach@...el.com>, "David S. Miller" <davem@...emloft.net>, 
	Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, 
	Sam James <sam@...too.org>
Subject: Re: Fwd: UBSAN: array-index-out-of-bounds in net/wireless/nl80211.c
 and net/mac80211/scan.c

On Thu, 9 May 2024 at 10:48, Johannes Berg
<johannes@...solutions.net> wrote:
> > > [  106.194465] UBSAN: array-index-out-of-bounds in /var/tmp/portage/sys-kernel/gentoo-kernel-6.8.9/work/linux-6.8/net/wireless/nl80211.c:9203:29
> > > [  106.195063] index 42 is out of range for type 'struct ieee80211_channel *[]'
>
> > > [  106.200924] UBSAN: array-index-out-of-bounds in /var/tmp/portage/sys-kernel/gentoo-kernel-6.8.9/work/linux-6.8/net/wireless/nl80211.c:9252:5
> > > [  106.200926] index 0 is out of range for type 'struct ieee80211_channel *[]'
>
> At least one of these should be fixed by
> https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=838c7b8f1f278404d9d684c34a8cb26dc41aaaa1

I can confirm that this fixes both, thanks.
I only looked through torvalds/linux.git, hence I missed this patch. Sorry.

> > > [  106.201036] UBSAN: array-index-out-of-bounds in /var/tmp/portage/sys-kernel/gentoo-kernel-6.8.9/work/linux-6.8/net/mac80211/scan.c:364:4
> > > [  106.201037] index 0 is out of range for type 'struct ieee80211_channel *[]'
>
> No idea about that one. Send patches.

Sadly unaffected.

> (Seriously. If you're running with bleeding edge toolchains that pretty
> much nobody has yet, send patches.)

I'm not sure what to make of this - this bug has been around ever
since the code was added, modern toolchains just happen to be one way
to expose it.
Alas, distro people are not kernel devs, so best I can do is report this :(

Cheers
Jannik
