Re: [PATCH] af_key: fix buffer overread in parse_exthdrs()

2017-12-30 Thread Steffen Klassert
On Fri, Dec 29, 2017 at 06:15:23PM -0600, Eric Biggers wrote:
> From: Eric Biggers
>
> If a message sent to a PF_KEY socket ended with an incomplete extension
> header (fewer than 4 bytes remaining), then parse_exthdrs() read past
> the end of the message, into uninitialized

[PATCH] af_key: fix buffer overread in parse_exthdrs()

2017-12-29 Thread Eric Biggers
From: Eric Biggers

If a message sent to a PF_KEY socket ended with an incomplete extension header (fewer than 4 bytes remaining), then parse_exthdrs() read past the end of the message, into uninitialized memory. Fix it by returning -EINVAL in this case.

Reproducer: