| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20240924150257.1059524-1-edumazet@google.com> Date: Tue, 24 Sep 2024 15:02:55 +0000 From: Eric Dumazet <edumazet@...gle.com> To: "David S . Miller" <davem@...emloft.net>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com> Cc: David Ahern <dsahern@...nel.org>, netdev@...r.kernel.org, Willem de Bruijn <willemb@...gle.com>, Jonathan Davies <jonathan.davies@...anix.com>, eric.dumazet@...il.com, Eric Dumazet <edumazet@...gle.com> Subject: [PATCH net 0/2] net: two fixes for qdisc_pkt_len_init() Inspired by one syzbot report. At least one qdisc (fq_codel) depends on qdisc_skb_cb(skb)->pkt_len having a sane value (not zero) With the help of af_packet, syzbot was able to fool qdisc_pkt_len_init() to precisely set qdisc_skb_cb(skb)->pkt_len to zero. First patch fixes this issue. Second one (a separate one to help future bisections) adds more sanity check to SKB_GSO_DODGY users. Eric Dumazet (2): net: avoid potential underflow in qdisc_pkt_len_init() with UFO net: add more sanity checks to qdisc_pkt_len_init() net/core/dev.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) -- 2.46.0.792.g87dc391469-goog
Powered by blists - more mailing lists