Re: [PATCH v2] af_key: pfkey_dump needs parameter validation

From: Steffen Klassert
Date: Fri Jul 24 2020 - 01:27:34 EST

Next message: Martin KaFai Lau: "Re: [PATCH bpf-next v6 1/7] bpf: Renames to prepare for generalizing sk_storage."
Previous message: Manivannan Sadhasivam: "Re: [PATCH v5 08/10] bus: mhi: core: Use counters to track MHI device state transitions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Jul 22, 2020 at 04:00:53AM -0700, Mark Salyzyn wrote:
> In pfkey_dump() dplen and splen can both be specified to access the
> xfrm_address_t structure out of bounds in__xfrm_state_filter_match()
> when it calls addr_match() with the indexes. Return EINVAL if either
> are out of range.
>
> Signed-off-by: Mark Salyzyn <salyzyn@xxxxxxxxxxx>
> Cc: netdev@xxxxxxxxxxxxxxx
> Cc: linux-kernel@xxxxxxxxxxxxxxx
> Cc: kernel-team@xxxxxxxxxxx
> Cc: Steffen Klassert <steffen.klassert@xxxxxxxxxxx>
> Cc: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
> Cc: "David S. Miller" <davem@xxxxxxxxxxxxx>
> Cc: Jakub Kicinski <kuba@xxxxxxxxxx>
> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")

Applied, thanks a lot!

Next message: Martin KaFai Lau: "Re: [PATCH bpf-next v6 1/7] bpf: Renames to prepare for generalizing sk_storage."
Previous message: Manivannan Sadhasivam: "Re: [PATCH v5 08/10] bus: mhi: core: Use counters to track MHI device state transitions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]