lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20250719155705.44929-1-ant.v.moryakov@gmail.com>
Date: Sat, 19 Jul 2025 18:57:05 +0300
From: Anton Moryakov <ant.v.moryakov@...il.com>
To: netdev@...r.kernel.org
Cc: Anton Moryakov <ant.v.moryakov@...il.com>
Subject: [PATCH iproute2-next] ip: ipmaddr.c: Fix possible integer underflow in read_igmp()

Static analyzer pointed out a potential error:

	Possible integer underflow: left operand is tainted. An integer underflow 
	may occur due to arithmetic operation (unsigned subtraction) between variable 
	'len' and value '1', when 'len' is tainted { [0, 18446744073709551615] }

The fix adds a check for 'len == 0' before accessing the last character of
the name, and skips the current line in such cases to avoid the underflow.

Reported-by: SVACE static analyzer
Signed-off-by: Anton Moryakov <ant.v.moryakov@...il.com>
---
 ip/ipmaddr.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/ip/ipmaddr.c b/ip/ipmaddr.c
index 2418b303..2feb916a 100644
--- a/ip/ipmaddr.c
+++ b/ip/ipmaddr.c
@@ -150,6 +150,8 @@ static void read_igmp(struct ma_info **result_p)
 
 			sscanf(buf, "%d%s", &m.index, m.name);
 			len = strlen(m.name);
+			if(len == 0)
+				continue;
 			if (m.name[len - 1] == ':')
 				m.name[len - 1] = '\0';
 			continue;
-- 
2.39.2


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ