Re: [PATCH] Trivial fix for out of bounds array access in xfrm4_policy

netdev

Re: [PATCH] Trivial fix for out of bounds array access in xfrm4_policy_c

To:	Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Subject:	Re: [PATCH] Trivial fix for out of bounds array access in xfrm4_policy_check
From:	"David S. Miller" <davem@xxxxxxxxxxxxx>
Date:	Tue, 7 Sep 2004 14:02:45 -0700
Cc:	util@xxxxxxxxxxxxxxx, netdev@xxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx
In-reply-to:	<E1C4fMc-000817-00@gondolin.me.apana.org.au>
References:	<Pine.LNX.4.61.0409071322100.8637@hosting.rdsbv.ro> <E1C4fMc-000817-00@gondolin.me.apana.org.au>
Sender:	netdev-bounce@xxxxxxxxxxx

On Tue, 07 Sep 2004 22:46:22 +1000
Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> wrote:

> Catalinux aka Dino BOIE <util@xxxxxxxxxxxxxxx> wrote:
> > 
> > Coverity found a bug in accessing xfrm4_policy_check using XFRM_POLICY_FWD 
> > (=2) as index in sk->sk_policy.
> > 
> > sk->sk_policy[] is defined in sock.h as:
> > 
> > struct xfrm_policy *sk_policy[2];
> > 
> > Attached is the fix.
> 
> This is bogus as if the packet is forwarded then sk == NULL.

Agreed.

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[PATCH] Trivial fix for out of bounds array access in xfrm4_policy_check, Catalin(ux aka Dino) BOIE Re: [PATCH] Trivial fix for out of bounds array access in xfrm4_policy_check, Herbert Xu Re: [PATCH] Trivial fix for out of bounds array access in xfrm4_policy_check, David S. Miller <=

Previous by Date:	Re: [PATCH] bridge deadlock on device removal, David S. Miller
Next by Date:	Re: [PATCH] Compat32 setsockopt overzealous conversions, David S. Miller
Previous by Thread:	Re: [PATCH] Trivial fix for out of bounds array access in xfrm4_policy_check, Herbert Xu
Next by Thread:	[PATCH] NETIF_F_LLTX for devices 2, Andi Kleen
Indexes:	[Date] [Thread] [Top] [All Lists]