On 7/24/20 2:14 PM, Jacob Keller wrote:
On 7/23/2020 12:35 PM, Eric Dumazet wrote:
On 7/23/20 11:21 AM, Mark Salyzyn wrote:
Many of the nla_get_* inlines fail to check attribute's length before
copying the content resulting in possible out-of-boundary accesses.
Adjust the inlines to perform nl
On 7/23/2020 12:35 PM, Eric Dumazet wrote:
> On 7/23/20 11:21 AM, Mark Salyzyn wrote:
>> Many of the nla_get_* inlines fail to check attribute's length before
>> copying the content resulting in possible out-of-boundary accesses.
>> Adjust the inlines to perform nla_len checking, for the most pa
On 7/23/20 12:35 PM, Eric Dumazet wrote:
> I believe this will hide bugs, that syzbot was able to catch.
syzbot failed to catch the problem because of padding u8, u16 and u32
were all immune because they would go out of bounds into a padded buffer :-(
On 7/23/20 12:19 PM, David Miller wrote:
On 7/23/20 11:21 AM, Mark Salyzyn wrote:
> Many of the nla_get_* inlines fail to check attribute's length before
> copying the content resulting in possible out-of-boundary accesses.
> Adjust the inlines to perform nla_len checking, for the most part
> using the nla_memcpy function to facilitate
From: Mark Salyzyn
Date: Thu, 23 Jul 2020 11:21:32 -0700
> Many of the nla_get_* inlines fail to check attribute's length before
> copying the content resulting in possible out-of-boundary accesses.
> Adjust the inlines to perform nla_len checking, for the most part
> using the nla_memcpy functio
Many of the nla_get_* inlines fail to check attribute's length before
copying the content resulting in possible out-of-boundary accesses.
Adjust the inlines to perform nla_len checking, for the most part
using the nla_memcpy function to facilitate since these are not
necessarily performance critical
6 matches