lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: 
 <173300522975.2492979.17101494144631097796.git-patchwork-notify@kernel.org>
Date: Sat, 30 Nov 2024 22:20:29 +0000
From: patchwork-bot+netdevbpf@...nel.org
To: Eric Dumazet <edumazet@...gle.com>
Cc: davem@...emloft.net, kuba@...nel.org, pabeni@...hat.com,
 netdev@...r.kernel.org, eric.dumazet@...il.com,
 syzbot+671e2853f9851d039551@...kaller.appspotmail.com, w-kwok2@...com,
 m-karicheri2@...com, danishanwar@...com, jiri@...dia.com,
 george.mccollister@...il.com
Subject: Re: [PATCH net] net: hsr: avoid potential out-of-bound access in
 fill_frame_info()

Hello:

This patch was applied to netdev/net.git (main)
by Jakub Kicinski <kuba@...nel.org>:

On Tue, 26 Nov 2024 14:43:44 +0000 you wrote:
> syzbot is able to feed a packet with 14 bytes, pretending
> it is a vlan one.
> 
> Since fill_frame_info() is relying on skb->mac_len already,
> extend the check to cover this case.
> 
> BUG: KMSAN: uninit-value in fill_frame_info net/hsr/hsr_forward.c:709 [inline]
>  BUG: KMSAN: uninit-value in hsr_forward_skb+0x9ee/0x3b10 net/hsr/hsr_forward.c:724
>   fill_frame_info net/hsr/hsr_forward.c:709 [inline]
>   hsr_forward_skb+0x9ee/0x3b10 net/hsr/hsr_forward.c:724
>   hsr_dev_xmit+0x2f0/0x350 net/hsr/hsr_device.c:235
>   __netdev_start_xmit include/linux/netdevice.h:5002 [inline]
>   netdev_start_xmit include/linux/netdevice.h:5011 [inline]
>   xmit_one net/core/dev.c:3590 [inline]
>   dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3606
>   __dev_queue_xmit+0x366a/0x57d0 net/core/dev.c:4434
>   dev_queue_xmit include/linux/netdevice.h:3168 [inline]
>   packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276
>   packet_snd net/packet/af_packet.c:3146 [inline]
>   packet_sendmsg+0x91ae/0xa6f0 net/packet/af_packet.c:3178
>   sock_sendmsg_nosec net/socket.c:711 [inline]
>   __sock_sendmsg+0x30f/0x380 net/socket.c:726
>   __sys_sendto+0x594/0x750 net/socket.c:2197
>   __do_sys_sendto net/socket.c:2204 [inline]
>   __se_sys_sendto net/socket.c:2200 [inline]
>   __x64_sys_sendto+0x125/0x1d0 net/socket.c:2200
>   x64_sys_call+0x346a/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:45
>   do_syscall_x64 arch/x86/entry/common.c:52 [inline]
>   do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
>  entry_SYSCALL_64_after_hwframe+0x77/0x7f
> 
> [...]

Here is the summary with links:
  - [net] net: hsr: avoid potential out-of-bound access in fill_frame_info()
    https://git.kernel.org/netdev/net/c/b9653d19e556

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ