| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Z1xzwAG4xqkcSVzB@LQ3V64L9R2>
Date: Fri, 13 Dec 2024 09:49:52 -0800
From: Joe Damato <jdamato@...tly.com>
To: Eric Dumazet <edumazet@...gle.com>
Cc: "David S . Miller" <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
netdev@...r.kernel.org, Simon Horman <horms@...nel.org>,
eric.dumazet@...il.com,
syzbot+ea40e4294e58b0292f74@...kaller.appspotmail.com,
Jiri Pirko <jiri@...dia.com>
Subject: Re: [PATCH net] netdevsim: prevent bad user input in
nsim_dev_health_break_write()
On Fri, Dec 13, 2024 at 05:25:18PM +0000, Eric Dumazet wrote:
> If either a zero count or a large one is provided, kernel can crash.
>
> Fixes: 82c93a87bf8b ("netdevsim: implement couple of testing devlink health reporters")
> Reported-by: syzbot+ea40e4294e58b0292f74@...kaller.appspotmail.com
> Closes: https://lore.kernel.org/netdev/675c6862.050a0220.37aaf.00b1.GAE@google.com/T/#u
> Signed-off-by: Eric Dumazet <edumazet@...gle.com>
> Cc: Jiri Pirko <jiri@...dia.com>
> ---
> drivers/net/netdevsim/health.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/drivers/net/netdevsim/health.c b/drivers/net/netdevsim/health.c
> index 70e8bdf34be900f744e821fb237641a27bb71a7b..688f05316b5e109fc84222476023f3f1f078cf28 100644
> --- a/drivers/net/netdevsim/health.c
> +++ b/drivers/net/netdevsim/health.c
> @@ -149,6 +149,8 @@ static ssize_t nsim_dev_health_break_write(struct file *file,
> char *break_msg;
> int err;
>
> + if (count == 0 || count > PAGE_SIZE)
> + return -EINVAL;
> break_msg = memdup_user_nul(data, count);
> if (IS_ERR(break_msg))
> return PTR_ERR(break_msg);
> --
Reviewed-by: Joe Damato <jdamato@...tly.com>
Powered by blists - more mailing lists