Re: [PATCH v3 net] ax25: fix OOB read after address header strip in ax25_rcv()

Next message: Heiko Carstens: "Re: [PATCH v2 5/6] s390/mm: Batch PTE updates in lazy MMU mode"
Previous message: Roberto A. Foglietta: "Re: [PATCH v4 1/1] printk: fix zero-valued printk timestamps in early boot"
Next in thread: David Laight: "Re: [PATCH v3 net] ax25: fix OOB read after address header strip in ax25_rcv()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Ashutosh Desai

Date: Thu Apr 16 2026 - 01:41:15 EST

On Wed, 15 Apr 2026 08:59:21 +0100, David Laight wrote:
> Is it just worth linearising the skb on entry to all this code?

Thanks for the feedback, David.

skb_linearize() on entry is a nice idea for simplifying sanity checks
overall, but it wouldn't fix this particular bug on its own - the issue
is skb->len dropping to zero after skb_pull(), not non-linear data. We'd
still need a length check regardless. pskb_may_pull(skb, 2) handles both
in one call.

That said, linearizing on entry to ax25_rcv() as a cleanup to simplify
future checks sounds worthwhile - happy to send that as a separate
net-next patch.