From: Steffen Klassert
Subject: Re: net/key: slab-out-of-bounds in pfkey_compile_policy
Date: Mon, 8 May 2017 13:49:19 +0200
Message-ID: <20170508114918.GB9813@secunet.com>
References: <20170505091105.GA9813@secunet.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
To: Andrey Konovalov
Cc: Herbert Xu, "David S. Miller", netdev, LKML, Dmitry Vyukov, "Kostya Serebryany", Eric Dumazet, Cong Wang, syzkaller
Sender: linux-kernel-owner@vger.kernel.org
List-Id: netdev.vger.kernel.org

On Fri, May 05, 2017 at 02:18:01PM +0200, Andrey Konovalov wrote:
> On Fri, May 5, 2017 at 11:11 AM, Steffen Klassert wrote:
> > On Tue, May 02, 2017 at 06:45:03PM +0200, Andrey Konovalov wrote:
> >> Hi,
> >>
> >> I've got the following error report while fuzzing the kernel with syzkaller.
> >>
> >> On commit d3b5d35290d729a2518af00feca867385a1b08fa (4.11).
> >>
> >> A reproducer and .config are attached.
> >>
> >> ==================================================================
> >> BUG: KASAN: slab-out-of-bounds in pfkey_compile_policy+0x8e6/0xd40 at
> >> addr ffff88006701f798
> >> Read of size 1280 by task a.out/4181
> >
> >
> > This bug was introduced twelve years ago...
> >
> > This patch is based just on code review, I don't have an option to
> > function test this. But I see that we now exit with -EINVAL before the
> > memcpy that causes the slab-out-of-bounds when using your reproducer,
> > so it should at least fix the bug.
>
> Hi Steffen,
>
> This patch fixes the issue for me.
>
> Thanks!
>
> Tested-by: Andrey Konovalov

Patch is now applied to the ipsec tree.

Thanks for reporting and testing!
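The shape of fix the thread describes, returning -EINVAL on a bad length before the memcpy that would otherwise read past the slab object, as an added C illustration that is neither Steffen's patch nor the kernel's af_key code; the struct layouts are constructed simplifications that only borrow RFC 2367's length conventions, and compile_policy and demo are hypothetical names.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Constructed, simplified stand-ins (not the kernel's definitions) for a PF_KEY
 * policy extension and the request records that follow it. As in RFC 2367, the
 * extension length is in 64-bit units; the request length is in bytes and
 * includes its own header, with the address bytes following it. */
struct policy_ext { uint16_t ext_len; uint16_t ext_type; };
struct ipsec_req  { uint16_t req_len; uint16_t req_proto; };
/* Copies every request's address payload into dst. Each length taken from the
 * message is checked against the bytes actually present before the memcpy runs,
 * so an overlong inner length yields -EINVAL instead of an out-of-bounds read. */
int compile_policy(const uint8_t *msg, size_t msg_len, uint8_t *dst, size_t dst_len)
{
    struct policy_ext pol;
    struct ipsec_req rq;
    size_t ext_bytes, payload, off = sizeof pol, out = 0;
    if (msg_len < sizeof pol)
        return -EINVAL;
    memcpy(&pol, msg, sizeof pol);
    ext_bytes = (size_t)pol.ext_len * 8;
    /* outer length must fit the buffer and hold at least one request header */
    if (ext_bytes > msg_len || ext_bytes < off + sizeof rq)
        return -EINVAL;
    while (off + sizeof rq <= ext_bytes) {
        memcpy(&rq, msg + off, sizeof rq);
        /* inner length must cover its own header and stay inside the extension */
        if (rq.req_len < sizeof rq || off + rq.req_len > ext_bytes)
            return -EINVAL;
        payload = rq.req_len - sizeof rq;
        if (out + payload > dst_len)
            return -EINVAL;
        memcpy(dst + out, msg + off + sizeof rq, payload); /* bounded by the checks above */
        out += payload;
        off += rq.req_len;
    }
    return 0;
}
/* Builds a constructed 16-byte message (ext_len = 2) holding one request whose
 * claimed length is req_len, and feeds it to compile_policy. */
int demo(uint16_t req_len)
{
    uint8_t msg[16] = {0}, dst[64];
    struct policy_ext pol = { .ext_len = 2, .ext_type = 1 };
    struct ipsec_req rq = { .req_len = req_len, .req_proto = 50 };
    memcpy(msg, &pol, sizeof pol);
    memcpy(msg + sizeof pol, &rq, sizeof rq);
    return compile_policy(msg, sizeof msg, dst, sizeof dst);
}
```

demo(12) describes a request that exactly fills the extension and succeeds; demo(1280) mirrors an inner length far larger than the bytes present and is rejected before any copy.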