Re: Patch "6lowpan: iphc: Fix an off-by-one check of array index" has been added to the 4.9-stable tree

From: Greg KH
Date: Mon Sep 13 2021 - 03:45:51 EST

Next message: Paul Kocialkowski: "Re: [PATCH NOT FOR MERGE 13/22] ARM: dts: sun8i: a83t: Add MIPI CSI-2 controller node"
Previous message: Paul Kocialkowski: "Re: [PATCH 19/22] soc: sunxi: mbus: Add A31 ISP compatibles to the list"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, Sep 12, 2021 at 11:22:19PM -0400, Sasha Levin wrote:
> This is a note to let you know that I've just added the patch titled
>
> 6lowpan: iphc: Fix an off-by-one check of array index
>
> to the 4.9-stable tree which can be found at:
> http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
>
> The filename of the patch is:
> 6lowpan-iphc-fix-an-off-by-one-check-of-array-index.patch
> and it can be found in the queue-4.9 subdirectory.
>
> If you, or anyone else, feels it should not be added to the stable tree,
> please let <stable@xxxxxxxxxxxxxxx> know about it.
>
>
>
> commit 68c66a31cc9a38a26a89f9594945390a09355728
> Author: Colin Ian King <colin.king@xxxxxxxxxxxxx>
> Date: Mon Jul 12 13:14:40 2021 +0100
>
> 6lowpan: iphc: Fix an off-by-one check of array index
>
> [ Upstream commit 9af417610b6142e826fd1ee8ba7ff3e9a2133a5a ]
>
> The bounds check of id is off-by-one and the comparison should
> be >= rather >. Currently the WARN_ON_ONCE check does not stop
> the out of range indexing of &ldev->ctx.table[id] so also add
> a return path if the bounds are out of range.
>
> Addresses-Coverity: ("Illegal address computation").
> Fixes: 5609c185f24d ("6lowpan: iphc: add support for stateful compression")
> Signed-off-by: Colin Ian King <colin.king@xxxxxxxxxxxxx>
> Signed-off-by: Marcel Holtmann <marcel@xxxxxxxxxxxx>
> Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
>
> diff --git a/net/6lowpan/debugfs.c b/net/6lowpan/debugfs.c
> index 24915e0bb9ea..2a05c5b5005b 100644
> --- a/net/6lowpan/debugfs.c
> +++ b/net/6lowpan/debugfs.c
> @@ -176,7 +176,8 @@ static int lowpan_dev_debugfs_ctx_init(struct net_device *dev,
> struct dentry *dentry, *root;
> char buf[32];
>
> - WARN_ON_ONCE(id > LOWPAN_IPHC_CTX_TABLE_SIZE);
> + if (WARN_ON_ONCE(id >= LOWPAN_IPHC_CTX_TABLE_SIZE))
> + return;
>
> sprintf(buf, "%d", id);
>

Not the correct return type for this tree, or the 4.14 tree, so dropping
it from those queues as it adds a build warning.

thanks,

greg k-h

Next message: Paul Kocialkowski: "Re: [PATCH NOT FOR MERGE 13/22] ARM: dts: sun8i: a83t: Add MIPI CSI-2 controller node"
Previous message: Paul Kocialkowski: "Re: [PATCH 19/22] soc: sunxi: mbus: Add A31 ISP compatibles to the list"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]