From: patchwork-bot+netdevbpf@kernel.org
To: Roded Zats <rzats@paloaltonetworks.com>
Cc: benve@cisco.com, satishkh@cisco.com, davem@davemloft.net,
edumazet@google.com, kuba@kernel.org, pabeni@redhat.com,
orcohen@paloaltonetworks.com, netdev@vger.kernel.org
Subject: Re: [PATCH net v2] enic: Validate length of nl attributes in enic_set_vf_port
Date: Mon, 27 May 2024 09:42:44 +0000 [thread overview]
Message-ID: <171680296463.9196.1896374308140927218.git-patchwork-notify@kernel.org> (raw)
In-Reply-To: <20240522073044.33519-1-rzats@paloaltonetworks.com>
Hello:
This patch was applied to netdev/net.git (main)
by Paolo Abeni <pabeni@redhat.com>:
On Wed, 22 May 2024 10:30:44 +0300 you wrote:
> enic_set_vf_port assumes that the nl attribute IFLA_PORT_PROFILE
> is of length PORT_PROFILE_MAX and that the nl attributes
> IFLA_PORT_INSTANCE_UUID, IFLA_PORT_HOST_UUID are of length PORT_UUID_MAX.
> These attributes are validated (in the function do_setlink in rtnetlink.c)
> using the nla_policy ifla_port_policy. The policy defines IFLA_PORT_PROFILE
> as NLA_STRING, IFLA_PORT_INSTANCE_UUID as NLA_BINARY and
> IFLA_PORT_HOST_UUID as NLA_STRING. That means that the length validation
> using the policy is for the max size of the attributes and not on exact
> size so the length of these attributes might be less than the sizes that
> enic_set_vf_port expects. This might cause an out of bands
> read access in the memcpys of the data of these
> attributes in enic_set_vf_port.
>
> [...]
Here is the summary with links:
- [net,v2] enic: Validate length of nl attributes in enic_set_vf_port
https://git.kernel.org/netdev/net/c/e8021b94b041
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
next prev parent reply other threads:[~2024-05-27 9:42 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20240516065755.6bce136f@kernel.org>
2024-05-16 15:42 ` [PATCH net] enic: Validate length of nl attributes in enic_set_vf_port Roded Zats
2024-05-21 10:38 ` Paolo Abeni
2024-05-22 7:30 ` [PATCH net v2] " Roded Zats
2024-05-27 9:42 ` patchwork-bot+netdevbpf [this message]
2024-06-27 23:20 ` Stephen Hemminger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=171680296463.9196.1896374308140927218.git-patchwork-notify@kernel.org \
--to=patchwork-bot+netdevbpf@kernel.org \
--cc=benve@cisco.com \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=orcohen@paloaltonetworks.com \
--cc=pabeni@redhat.com \
--cc=rzats@paloaltonetworks.com \
--cc=satishkh@cisco.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.