Re: general protection fault in asn1_ber_decoder

2017-11-08 Thread Eric Biggers
On Mon, Nov 06, 2017 at 10:36:00AM -0800, syzbot wrote:
>
> syzbot will keep track of this bug report.
> Once a fix for this bug is committed, please reply to this email with:
> #syz fix: exact-commit-title
> To mark this as a duplicate of another syzbot report, please reply with:
> #syz dup:

Re: general protection fault in asn1_ber_decoder

2017-11-07 Thread David Howells
Eric Biggers wrote:
> Hi David, you just beat me to it, but I don't think this is the best way to
> fix the problem. The length check just needs to be rewritten to not
> overflow. Also it seems there is another broken length check later in the
> function. How about this:
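The overflow-prone length check that the replies above argue about, as an added example that is not the kernel's lib/asn1_decoder.c code and not either patch from this thread: a minimal BER length reader in which the additive bounds check (`dp + len <= datalen`, which wraps when `len` comes from attacker-controlled length octets) is placed beside the subtractive form (`len <= datalen - dp`, which cannot wrap once `dp <= datalen` is known). The function names, the status codes and the three test vectors are my own assumptions for the illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Status codes are an assumption of this example, not the kernel's. */
enum ber_len_status {
	BER_OK = 0,
	BER_TRUNCATED = -1,	/* length octets or body run past the buffer */
	BER_OVERLONG = -2,	/* more length octets than size_t can hold */
	BER_INDEFINITE = -3	/* 0x80: indefinite form, not handled here */
};

/*
 * The pattern the thread is about.  dp is the parser's offset into a
 * buffer of datalen bytes and len is a length decoded from the input.
 * Adding first can wrap around and let an oversized len pass.
 */
static bool body_fits_unsafe(size_t dp, size_t len, size_t datalen)
{
	return dp + len <= datalen;		/* wraps when dp + len > SIZE_MAX */
}

/* Subtract first: datalen - dp cannot wrap once dp <= datalen is known. */
static bool body_fits_safe(size_t dp, size_t len, size_t datalen)
{
	return dp <= datalen && len <= datalen - dp;
}

/*
 * Read the BER length field at data[*dp].  On BER_OK, *dp is advanced to
 * the first body byte and *len holds the body length, which is then
 * guaranteed to fit in the remaining buffer.
 */
static enum ber_len_status ber_read_length(const uint8_t *data, size_t datalen,
					   size_t *dp, size_t *len)
{
	size_t pos = *dp;
	size_t n;

	if (pos >= datalen)
		return BER_TRUNCATED;
	n = data[pos++];
	if (n == 0x80)
		return BER_INDEFINITE;
	if (n & 0x80) {
		size_t nbytes = n & 0x7f;	/* long form: count of length octets */

		if (nbytes > datalen - pos)	/* the octets themselves must be present */
			return BER_TRUNCATED;
		if (nbytes > sizeof(size_t))	/* value cannot even be represented */
			return BER_OVERLONG;
		n = 0;
		while (nbytes--)
			n = (n << 8) | data[pos++];
	}
	if (!body_fits_safe(pos, n, datalen))	/* the check that must not overflow */
		return BER_TRUNCATED;
	*dp = pos;
	*len = n;
	return BER_OK;
}

/* Body length of the single-byte-tag element at the start of data,
 * or a negative ber_len_status on failure. */
static long ber_body_length(const uint8_t *data, size_t datalen)
{
	size_t dp = 1, len = 0;			/* skip the one tag octet */
	enum ber_len_status st;

	if (datalen < 1)
		return BER_TRUNCATED;
	st = ber_read_length(data, datalen, &dp, &len);
	return st == BER_OK ? (long)len : (long)st;
}

/* Constructed vectors; not taken from the syzbot reproducer. */
static const uint8_t vec_short[] = { 0x04, 0x03, 'a', 'b', 'c' };	/* OCTET STRING, 3 bytes */
static const uint8_t vec_long[]  = { 0x04, 0x82, 0x01, 0x00, 'x' };	/* claims 256, has 1 */
static const uint8_t vec_huge[]  = { 0x04, 0x88, 0xff, 0xff, 0xff, 0xff,
				     0xff, 0xff, 0xff, 0xfe, 'x' };	/* claims 2^64-2 */

int main(void)
{
	printf("short: %ld\n", ber_body_length(vec_short, sizeof vec_short));
	printf("long:  %ld\n", ber_body_length(vec_long, sizeof vec_long));
	printf("huge:  %ld\n", ber_body_length(vec_huge, sizeof vec_huge));
	/* With dp = 10 and len = SIZE_MAX - 1, dp + len wraps to 8, and 8 <= 11. */
	printf("unsafe check accepts huge length: %d\n",
	       body_fits_unsafe(10, SIZE_MAX - 1, 11));
	printf("safe check accepts huge length:   %d\n",
	       body_fits_safe(10, SIZE_MAX - 1, 11));
	return 0;
}
```

The third vector is the interesting one: its eight length octets decode to 2^64-2 on a 64-bit build (and are rejected as too wide on a 32-bit one), so `pos + len` wraps to a small number and the additive check would admit a body that does not exist, while the subtractive check rejects it.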

Re: general protection fault in asn1_ber_decoder

2017-11-06 Thread Eric Biggers
On Mon, Nov 06, 2017 at 10:05:45PM +, David Howells wrote: > diff --git a/lib/asn1_decoder.c b/lib/asn1_decoder.c > index fef5d2e114be..048de2c20ae9 100644 > --- a/lib/asn1_decoder.c > +++ b/lib/asn1_decoder.c > @@ -201,6 +201,13 @@ int asn1_ber_decoder(const struct asn1_decoder *decoder, >

Re: general protection fault in asn1_ber_decoder

2017-11-06 Thread David Howells
syzbot wrote:
> syzkaller hit the following crash on 5a3517e009e979f21977d362212b7729c5165d92
> git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
> compiler: gcc (GCC) 7.1.1 20170620
> .config is

Re: general protection fault in asn1_ber_decoder

2017-11-06 Thread Eric Biggers
On Mon, Nov 06, 2017 at 10:36:00AM -0800, syzbot wrote:
> kasan: GPF could be caused by NULL-ptr deref or user memory access
> general protection fault: [#1] SMP KASAN
> Dumping ftrace buffer:
> (ftrace buffer empty)
> Modules linked in:
> CPU: 3 PID: 2984 Comm: syzkaller229187 Not tainted