Re: [PATCH v2] xfrm: correctly check policy index in verify_newpolicy_info

From: Herbert Xu
Date: Mon Feb 25 2019 - 08:43:51 EST

Next message: Petr Mladek: "Re: [RFC PATCH v1 12/25] printk: minimize console locking implementation"
Previous message: Ulf Hansson: "Re: [PATCH v2 3/3] mmc: core: Add discard support to sd"
In reply to: Yue Haibing: "[PATCH v2] xfrm: correctly check policy index in verify_newpolicy_info"
Next in thread: YueHaibing: "Re: [PATCH v2] xfrm: correctly check policy index in verify_newpolicy_info"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Feb 25, 2019 at 05:56:00PM +0800, Yue Haibing wrote:
>
> the check. Then __xfrm_policy_unlink use the index to access array policy_count
> whose size is XFRM_POLICY_MAX * 2, triggering out of bounds access.

No it doesn't. Even if it did the bug would be in __xfrm_policy_unlink
and not here.

Your patch makes no sense.

Cheers,
--
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Next message: Petr Mladek: "Re: [RFC PATCH v1 12/25] printk: minimize console locking implementation"
Previous message: Ulf Hansson: "Re: [PATCH v2 3/3] mmc: core: Add discard support to sd"
In reply to: Yue Haibing: "[PATCH v2] xfrm: correctly check policy index in verify_newpolicy_info"
Next in thread: YueHaibing: "Re: [PATCH v2] xfrm: correctly check policy index in verify_newpolicy_info"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]