Re: [PATCH] Trivial fix for out of bounds array access in xfrm4_policy_check

From: Herbert Xu
Date: Tue Sep 07 2004 - 07:49:05 EST

Next message: Arjan van de Ven: "Re: attribute warn_unused_result"
Previous message: Con Kolivas: "Re: attribute warn_unused_result"
In reply to: Catalin(ux aka Dino) BOIE: "[PATCH] Trivial fix for out of bounds array access in xfrm4_policy_check"
Next in thread: David S. Miller: "Re: [PATCH] Trivial fix for out of bounds array access inxfrm4_policy_check"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Catalinux aka Dino BOIE <util@xxxxxxxxxxxxxxx> wrote:
>
> Coverity found a bug in accessing xfrm4_policy_check using XFRM_POLICY_FWD
> (=2) as index in sk->sk_policy.
>
> sk->sk_policy[] is defined in sock.h as:
>
> struct xfrm_policy *sk_policy[2];
>
> Attached is the fix.

This is bogus as if the packet is forwarded then sk == NULL.
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Arjan van de Ven: "Re: attribute warn_unused_result"
Previous message: Con Kolivas: "Re: attribute warn_unused_result"
In reply to: Catalin(ux aka Dino) BOIE: "[PATCH] Trivial fix for out of bounds array access in xfrm4_policy_check"
Next in thread: David S. Miller: "Re: [PATCH] Trivial fix for out of bounds array access inxfrm4_policy_check"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]