netdev - Re: [PATCH net 1/1] batman-adv: fix OOB read/write in network-coding decode

lists.openwall.net		lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC
Open Source and information security mailing list archives

Hash Suite: Windows password security audit tool. GUI, reports in PDF.

[<prev] [next>] [<thread-prev] [day] [month] [year] [list]

Message-Id: 
 <175675920849.3877324.13775233533723046808.git-patchwork-notify@kernel.org>
Date: Mon, 01 Sep 2025 20:40:08 +0000
From: patchwork-bot+netdevbpf@...nel.org
To: Simon Wunderlich <sw@...onwunderlich.de>
Cc: davem@...emloft.net, kuba@...nel.org, netdev@...r.kernel.org,
 b.a.t.m.a.n@...ts.open-mesh.org, stanislav.fort@...le.com,
 stable@...r.kernel.org, disclosure@...le.com, sven@...fation.org
Subject: Re: [PATCH net 1/1] batman-adv: fix OOB read/write in network-coding
 decode

Hello:

This patch was applied to netdev/net.git (main)
by Simon Wunderlich <sw@...onwunderlich.de>:

On Mon,  1 Sep 2025 18:15:46 +0200 you wrote:
> From: Stanislav Fort <stanislav.fort@...le.com>
> 
> batadv_nc_skb_decode_packet() trusts coded_len and checks only against
> skb->len. XOR starts at sizeof(struct batadv_unicast_packet), reducing
> payload headroom, and the source skb length is not verified, allowing an
> out-of-bounds read and a small out-of-bounds write.
> 
> [...]

Here is the summary with links:
  - [net,1/1] batman-adv: fix OOB read/write in network-coding decode
    https://git.kernel.org/netdev/net/c/d77b6ff0ce35

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html