From: Donald Hunter <donald.hunter@gmail.com>
To: Roded Zats <rzats@paloaltonetworks.com>
Cc: davem@davemloft.net,  edumazet@google.com,  kuba@kernel.org,
	pabeni@redhat.com,  orcohen@paloaltonetworks.com,
	 netdev@vger.kernel.org
Subject: Re: [PATCH net] rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation
Date: Fri, 03 May 2024 11:06:27 +0100
Message-ID: <m2jzkbfbvg.fsf@gmail.com>
In-Reply-To: <20240502155751.75705-1-rzats@paloaltonetworks.com> (Roded Zats's message of "Thu, 2 May 2024 18:57:51 +0300")

Roded Zats <rzats@paloaltonetworks.com> writes:

> Each attribute inside a nested IFLA_VF_VLAN_LIST is assumed to be a
> struct ifla_vf_vlan_info so the size of such attribute needs to be at least
> sizeof(struct ifla_vf_vlan_info) which is 14 bytes.
> The current size validation in do_setvfinfo is against NLA_HDRLEN (4 bytes)
> which is less than sizeof(struct ifla_vf_vlan_info) so this validation
> is not enough and a too small attribute might be cast to a
> struct ifla_vf_vlan_info, this might result in an out of bounds
> read access when accessing the saved (casted) entry in ivvl.
>
> Fixes: 79aab093a0b5 ("net: Update API for VF vlan protocol 802.1ad support")
> Signed-off-by: Roded Zats <rzats@paloaltonetworks.com>

Reviewed-by: Donald Hunter <donald.hunter@gmail.com>
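
The length check described in the quoted commit message, as an added userspace example that is not part of this thread, the patch, or the kernel source. The names `attr_hdr`, `vlan_info`, `walk_nested` and `one_attr_result` are hypothetical models, and the example assumes the bound is compared against the attribute's payload length.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HDRLEN 4u                                    /* models NLA_HDRLEN */
#define ALIGN4(n) (((size_t)(n) + 3) & ~(size_t)3)   /* models NLA_ALIGN */

/* Userspace models of struct nlattr and struct ifla_vf_vlan_info. */
struct attr_hdr  { uint16_t len; uint16_t type; };
struct vlan_info { uint32_t vf, vlan, qos; uint16_t vlan_proto; };

/* Walk a nested list, requiring each payload to hold min_payload bytes.
 * Returns the number of entries accepted, or -1 on the first bad entry. */
int walk_nested(const uint8_t *buf, size_t len, size_t min_payload)
{
    int accepted = 0;

    while (len >= HDRLEN) {
        struct attr_hdr h;
        size_t step;

        memcpy(&h, buf, sizeof(h));
        if (h.len < HDRLEN || h.len > len)
            return -1;               /* header length is inconsistent */
        if ((size_t)h.len - HDRLEN < min_payload)
            return -1;               /* too short to read as vlan_info */
        accepted++;
        step = ALIGN4(h.len);
        if (step >= len)
            break;
        buf += step;
        len -= step;
    }
    return accepted;
}

/* Constructed input: a list holding one attribute with `payload` bytes. */
int one_attr_result(size_t payload, size_t min_payload)
{
    uint8_t buf[64] = {0};
    struct attr_hdr h = { .len = (uint16_t)(HDRLEN + payload), .type = 1 };

    if (payload > sizeof(buf) - HDRLEN)
        return -1;
    memcpy(buf, &h, sizeof(h));
    return walk_nested(buf, ALIGN4(h.len), min_payload);
}
```

Calling `one_attr_result(4, HDRLEN)` accepts the 4-byte payload, while `one_attr_result(4, sizeof(struct vlan_info))` rejects it before anything would read it as a full structure.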
