Re: net/key: slab-out-of-bounds in pfkey_compile_policy

From: Steffen Klassert
Date: Mon May 08 2017 - 07:49:26 EST

Next message: Boris Brezillon: "Re: Race to power off harming SATA SSDs"
Previous message: Boris Brezillon: "Re: Race to power off harming SATA SSDs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, May 05, 2017 at 02:18:01PM +0200, Andrey Konovalov wrote:
> On Fri, May 5, 2017 at 11:11 AM, Steffen Klassert
> <steffen.klassert@xxxxxxxxxxx> wrote:
> > On Tue, May 02, 2017 at 06:45:03PM +0200, Andrey Konovalov wrote:
> >> Hi,
> >>
> >> I've got the following error report while fuzzing the kernel with syzkaller.
> >>
> >> On commit d3b5d35290d729a2518af00feca867385a1b08fa (4.11).
> >>
> >> A reproducer and .config are attached.
> >>
> >> ==================================================================
> >> BUG: KASAN: slab-out-of-bounds in pfkey_compile_policy+0x8e6/0xd40 at
> >> addr ffff88006701f798
> >> Read of size 1280 by task a.out/4181
> >
> >
> > This bug was introduced twelve years ago...
> >
> > This patch is based just on code review, I don't have an option to
> > function test this. But I see that we now exit with -EINVAL before the
> > memcpy that causes the slab-out-of-bounds when using your reproducer,
> > so it should at least fix the bug.
>
> Hi Steffen,
>
> This patch fixes the issue for me.
>
> Thanks!
>
> Tested-by: Andrey Konovalov <andreyknvl@xxxxxxxxxx>

Patch is now applied to the ipsec tree.
Thanks for reporting and testing!

Next message: Boris Brezillon: "Re: Race to power off harming SATA SSDs"
Previous message: Boris Brezillon: "Re: Race to power off harming SATA SSDs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]