Re: [PATCH] net: xfrm: fix shift-out-of-bounds in xfrm_get_default

From: Steffen Klassert
Date: Fri Sep 10 2021 - 06:00:53 EST

Next message: Wu Zongyong: "Re: [PATCH 6/6] vp_vdpa: introduce legacy virtio pci driver"
Previous message: Borislav Petkov: "Re: [PATCH 1/3] x86/amd_nb: Add support for HSMP mailbox access"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Sep 02, 2021 at 10:04:00PM +0300, Pavel Skripkin wrote:
> Syzbot hit shift-out-of-bounds in xfrm_get_default. The problem was in
> missing validation check for user data.
>
> up->dirmask comes from user-space, so we need to check if this value
> is less than XFRM_USERPOLICY_DIRMASK_MAX to avoid shift-out-of-bounds bugs.
>
> Fixes: 2d151d39073a ("xfrm: Add possibility to set the default to block if we have no policy")
> Reported-and-tested-by: syzbot+b2be9dd8ca6f6c73ee2d@xxxxxxxxxxxxxxxxxxxxxxxxx
> Signed-off-by: Pavel Skripkin <paskripkin@xxxxxxxxx>

Applied, thanks Pavel!

Next message: Wu Zongyong: "Re: [PATCH 6/6] vp_vdpa: introduce legacy virtio pci driver"
Previous message: Borislav Petkov: "Re: [PATCH 1/3] x86/amd_nb: Add support for HSMP mailbox access"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]