Re: [PATCH] Trivial fix for out of bounds array access in xfrm4_policy_check

From: David S. Miller
Date: Tue Sep 07 2004 - 16:24:58 EST


On Tue, 07 Sep 2004 22:46:22 +1000
Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> wrote:

> Catalinux aka Dino BOIE <util@xxxxxxxxxxxxxxx> wrote:
> >
> > Coverity found a bug in accessing xfrm4_policy_check using XFRM_POLICY_FWD
> > (=2) as index in sk->sk_policy.
> >
> > sk->sk_policy[] is defined in sock.h as:
> >
> > struct xfrm_policy *sk_policy[2];
> >
> > Attached is the fix.
>
> This is bogus as if the packet is forwarded then sk == NULL.

Agreed.