lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-Id: 
 <175392841099.2582155.5911871664061177064.git-patchwork-notify@kernel.org>
Date: Thu, 31 Jul 2025 02:20:10 +0000
From: patchwork-bot+netdevbpf@...nel.org
To: Eric Dumazet <edumazet@...gle.com>
Cc: davem@...emloft.net, kuba@...nel.org, pabeni@...hat.com, horms@...nel.org,
 netdev@...r.kernel.org, eric.dumazet@...il.com,
 syzbot+afad90ffc8645324afe5@...kaller.appspotmail.com
Subject: Re: [PATCH net] pptp: ensure minimal skb length in pptp_xmit()

Hello:

This patch was applied to netdev/net.git (main)
by Jakub Kicinski <kuba@...nel.org>:

On Tue, 29 Jul 2025 08:02:07 +0000 you wrote:
> Commit aabc6596ffb3 ("net: ppp: Add bound checking for skb data
> on ppp_sync_txmung") fixed ppp_sync_txmunge()
> 
> We need a similar fix in pptp_xmit(), otherwise we might
> read uninit data as reported by syzbot.
> 
> BUG: KMSAN: uninit-value in pptp_xmit+0xc34/0x2720 drivers/net/ppp/pptp.c:193
>   pptp_xmit+0xc34/0x2720 drivers/net/ppp/pptp.c:193
>   ppp_channel_bridge_input drivers/net/ppp/ppp_generic.c:2290 [inline]
>   ppp_input+0x1d6/0xe60 drivers/net/ppp/ppp_generic.c:2314
>   pppoe_rcv_core+0x1e8/0x760 drivers/net/ppp/pppoe.c:379
>   sk_backlog_rcv+0x142/0x420 include/net/sock.h:1148
>   __release_sock+0x1d3/0x330 net/core/sock.c:3213
>   release_sock+0x6b/0x270 net/core/sock.c:3767
>   pppoe_sendmsg+0x15d/0xcb0 drivers/net/ppp/pppoe.c:904
>   sock_sendmsg_nosec net/socket.c:712 [inline]
>   __sock_sendmsg+0x330/0x3d0 net/socket.c:727
>   ____sys_sendmsg+0x893/0xd80 net/socket.c:2566
>   ___sys_sendmsg+0x271/0x3b0 net/socket.c:2620
>   __sys_sendmmsg+0x2d9/0x7c0 net/socket.c:2709
> 
> [...]

Here is the summary with links:
  - [net] pptp: ensure minimal skb length in pptp_xmit()
    https://git.kernel.org/netdev/net/c/de9c4861fb42

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ