Re: [PATCH net] ipv6: Fix out-of-bounds access in ipv6_find_tlv()

From: Jiri Pirko
Date: Tue May 23 2023 - 09:26:44 EST

Next message: Jani Nikula: "Re: [PATCH] drm/i915: simplify switch to if-elseif"
Previous message: Alexey Izbyshev: "Re: [PATCH v2 3/5] mm: Make PR_MDWE_REFUSE_EXEC_GAIN an unsigned long"
In reply to: Gavrilov Ilia: "[PATCH net] ipv6: Fix out-of-bounds access in ipv6_find_tlv()"
Next in thread: David Ahern: "Re: [PATCH net] ipv6: Fix out-of-bounds access in ipv6_find_tlv()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Tue, May 23, 2023 at 10:29:44AM CEST, Ilia.Gavrilov@xxxxxxxxxxx wrote:
>optlen is fetched without checking whether there is more than one byte to parse.
>It can lead to out-of-bounds access.
>
>Found by InfoTeCS on behalf of Linux Verification Center
>(linuxtesting.org) with SVACE.
>
>Fixes: 3c73a0368e99 ("ipv6: Update ipv6 static library with newly needed functions")
>Signed-off-by: Gavrilov Ilia <Ilia.Gavrilov@xxxxxxxxxxx>

Reviewed-by: Jiri Pirko <jiri@xxxxxxxxxx>

Next message: Jani Nikula: "Re: [PATCH] drm/i915: simplify switch to if-elseif"
Previous message: Alexey Izbyshev: "Re: [PATCH v2 3/5] mm: Make PR_MDWE_REFUSE_EXEC_GAIN an unsigned long"
In reply to: Gavrilov Ilia: "[PATCH net] ipv6: Fix out-of-bounds access in ipv6_find_tlv()"
Next in thread: David Ahern: "Re: [PATCH net] ipv6: Fix out-of-bounds access in ipv6_find_tlv()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]