| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250728135055.GA1877762@horms.kernel.org> Date: Mon, 28 Jul 2025 14:50:55 +0100 From: Simon Horman <horms@...nel.org> To: Charalampos Mitrodimas <charmitro@...teo.net> Cc: Steffen Klassert <steffen.klassert@...unet.com>, Herbert Xu <herbert@...dor.apana.org.au>, "David S. Miller" <davem@...emloft.net>, David Ahern <dsahern@...nel.org>, Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, netdev@...r.kernel.org, linux-kernel@...r.kernel.org, syzbot+01b0667934cdceb4451c@...kaller.appspotmail.com Subject: Re: [PATCH net v2] net: ipv6: fix buffer overflow in AH output On Mon, Jul 28, 2025 at 12:36:18PM +0000, Charalampos Mitrodimas wrote: > Simon Horman <horms@...nel.org> writes: > > > On Sun, Jul 27, 2025 at 09:51:40PM +0000, Charalampos Mitrodimas wrote: ... > >> Changes in v2: > >> - Link correct syzbot dashboard link in patch tags > >> - Link to v1: https://lore.kernel.org/r/20250727-ah6-buffer-overflow-v1-1-1f3e11fa98db@posteo.net > > > > You posted two versions of this patch within a few minutes. > > Please don't do that. Rather, please wait 24h to allow review to occur. > > I'm aware. The reason for posting the second version so soon was because > I did not want people to get confused about which syzbot report this > solves, as the one in v1 was the wrong. Understood. FWIIW, I think it would have been better to respond to v1 with corrected syzbot information. ... > This is much better actually, thanks a lot. I tested it with the syzbot > reproducer and no issues were found. Excellent. > > I would also suggest adding a helper (or two), to avoid (repeatedly) open > > coding whatever approach is taken. > > I'll do that and go on with a patch targetting ipsec-next. Is it okay to > keep the the versioning or it should a completely new patch? I think that keeping the versioning is fine, although it is up to you. If you do so, please do include a link to earlier versions (as you did in this patch) as I assume the subject will change. -- pw-bot: cr
Powered by blists - more mailing lists