From: Dan Carpenter <dan.carpenter@oracle.com>
To: Vikas Chaudhary <vikas.chaudhary@qlogic.com>
Cc: Adheer Chandravanshi <adheer.chandravanshi@qlogic.com>,
Dept-Eng iSCSI Driver <Dept-iSCSIDriver@qlogic.com>,
"James E.J. Bottomley" <JBottomley@parallels.com>,
linux-scsi <linux-scsi@vger.kernel.org>,
"kernel-janitors@vger.kernel.org"
<kernel-janitors@vger.kernel.org>,
"Eric W. Biederman" <ebiederm@xmission.com>
Subject: Re: [patch] [SCSI] qla4xxx: overflow in qla4xxx_set_chap_entry()
Date: Wed, 13 Nov 2013 17:06:00 +0300 [thread overview]
Message-ID: <20131113140600.GK5443@mwanda> (raw)
In-Reply-To: <20131113120812.GM5302@mwanda>
On Wed, Nov 13, 2013 at 03:08:12PM +0300, Dan Carpenter wrote:
> On Wed, Nov 13, 2013 at 11:52:37AM +0000, Vikas Chaudhary wrote:
> >
> >
> > -----Original Message-----
> > From: Dan Carpenter <dan.carpenter@oracle.com>
> > Date: Wednesday, 13 November 2013 1:18 pm
> > To: Vikas <vikas.chaudhary@qlogic.com>, Adheer Chandravanshi
> > <adheer.chandravanshi@qlogic.com>
> > Cc: Dept-Eng iSCSI Driver <Dept-iSCSIDriver@qlogic.com>, "James E.J.
> > Bottomley" <JBottomley@parallels.com>, scsi <linux-scsi@vger.kernel.org>,
> > "kernel-janitors@vger.kernel.org" <kernel-janitors@vger.kernel.org>
> > Subject: [patch] [SCSI] qla4xxx: overflow in qla4xxx_set_chap_entry()
> >
> > >We should cap the size of memcpy() because it comes from the network
> > >and can't be trusted.
> >
> > This patch is on assumption that data is coming from network,
> > but in this case data come from application (iscsiadm) with correct length.
> >
>
> No, that doesn't work. We don't trust user space.
Btw, the is especially true with network namespaces... These days
anyone who is ns_capable() could overflow the buffer after:
df008c91f835 ('net: Allow userns root to control llc, netfilter, netlink, packet, and xfrm')
regards,
dan carpenter
next prev parent reply other threads:[~2013-11-13 14:06 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-11-13 7:48 [patch] [SCSI] qla4xxx: overflow in qla4xxx_set_chap_entry() Dan Carpenter
2013-11-13 11:52 ` Vikas Chaudhary
2013-11-13 12:08 ` Dan Carpenter
2013-11-13 14:06 ` Dan Carpenter [this message]
2013-11-14 3:53 ` Vikas Chaudhary
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20131113140600.GK5443@mwanda \
--to=dan.carpenter@oracle.com \
--cc=Dept-iSCSIDriver@qlogic.com \
--cc=JBottomley@parallels.com \
--cc=adheer.chandravanshi@qlogic.com \
--cc=ebiederm@xmission.com \
--cc=kernel-janitors@vger.kernel.org \
--cc=linux-scsi@vger.kernel.org \
--cc=vikas.chaudhary@qlogic.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox