From: Simon Horman <horms@kernel.org>
To: Dmitry Antipov <dmantipov@yandex.ru>
Cc: "David S. Miller" <davem@davemloft.net>,
"Ricardo B. Marliere" <ricardo@marliere.net>,
Eric Dumazet <edumazet@google.com>,
Paolo Abeni <pabeni@redhat.com>,
linux-ppp@vger.kernel.org, netdev@vger.kernel.org,
lvc-project@linuxtesting.org,
syzbot+ec0723ba9605678b14bf@syzkaller.appspotmail.com,
Guillaume Nault <gnault@redhat.com>,
Jakub Kicinski <kuba@kernel.org>
Subject: Re: [PATCH net v2] ppp: reject claimed-as-LCP but actually malformed packets
Date: Tue, 9 Jul 2024 09:30:12 +0100 [thread overview]
Message-ID: <20240709083012.GD346094@kernel.org> (raw)
In-Reply-To: <20240708115615.134770-1-dmantipov@yandex.ru>
+ Guillaume, Jakub
On Mon, Jul 08, 2024 at 02:56:15PM +0300, Dmitry Antipov wrote:
> Since 'ppp_async_encode()' assumes valid LCP packets (with code
> from 1 to 7 inclusive), add 'ppp_check_packet()' to ensure that
> LCP packet has an actual body beyond PPP_LCP header bytes, and
> reject claimed-as-LCP but actually malformed data otherwise.
>
> Reported-by: syzbot+ec0723ba9605678b14bf@syzkaller.appspotmail.com
> Closes: https://syzkaller.appspot.com/bug?extid=ec0723ba9605678b14bf
> Fixes: 44073187990d ("ppp: ensure minimum packet size in ppp_write()")
Sorry for not noticing this earlier.
I think that the cited commit is not where this problem was introduced.
What that commit does is to introduce a length check.
And what this patch does is to add another, more specific length check.
But the problem fixed by this patch existed before the cited commit.
I expect that, like the cited commit, this patch:
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
> Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru>
> ---
> v2: style, comments, and metadata adjustments suggested by Simon Horman
Thanks, other than the Fixes tag, this looks good to me.
Reviewed-by: Simon Horman <horms@kernel.org>
...
next prev parent reply other threads:[~2024-07-09 8:30 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-05 16:08 [PATCH] net: ppp: reject claimed-as-LCP but actually malformed packets Dmitry Antipov
2024-07-06 9:35 ` Simon Horman
2024-07-08 11:56 ` [PATCH net v2] " Dmitry Antipov
2024-07-09 8:30 ` Simon Horman [this message]
2024-07-11 8:41 ` Paolo Abeni
2024-07-11 9:30 ` patchwork-bot+netdevbpf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240709083012.GD346094@kernel.org \
--to=horms@kernel.org \
--cc=davem@davemloft.net \
--cc=dmantipov@yandex.ru \
--cc=edumazet@google.com \
--cc=gnault@redhat.com \
--cc=kuba@kernel.org \
--cc=linux-ppp@vger.kernel.org \
--cc=lvc-project@linuxtesting.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=ricardo@marliere.net \
--cc=syzbot+ec0723ba9605678b14bf@syzkaller.appspotmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.