| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20241113182511.41960cc0@kernel.org> Date: Wed, 13 Nov 2024 18:25:11 -0800 From: Jakub Kicinski <kuba@...nel.org> To: Manas via B4 Relay <devnull+manas18244.iiitd.ac.in@...nel.org> Cc: manas18244@...td.ac.in, "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, Paolo Abeni <pabeni@...hat.com>, Simon Horman <horms@...nel.org>, Kuniyuki Iwashima <kuniyu@...zon.com>, Shuah Khan <shuah@...nel.org>, Anup Sharma <anupnewsmail@...il.com>, netdev@...r.kernel.org, linux-kernel@...r.kernel.org, syzbot+d4373fa8042c06cefa84@...kaller.appspotmail.com Subject: Re: [PATCH net v2] netlink: Add string check in netlink_ack_tlv_fill On Thu, 14 Nov 2024 06:15:15 +0530 Manas via B4 Relay wrote: > - if (extack->bad_attr && > + if (extack->bad_attr && strlen(in_skb->data) && > !WARN_ON((u8 *)extack->bad_attr < in_skb->data || > (u8 *)extack->bad_attr >= in_skb->data + in_skb->len)) that's most definitely not the right fix. in_skb->data points to binary data. my best idea so far is to rework this check to use nlh, because in_skb will be pulled at this stage for dumps if that makes sense to you please give it a go, otherwise I'll work on the fix tomorrow
Powered by blists - more mailing lists