Re: [PATCH] Trivial fix for out of bounds array access in xfrm4_policy

netdev

Re: [PATCH] Trivial fix for out of bounds array access in xfrm4_policy_c

To:	util@xxxxxxxxxxxxxxx (Catalinux aka Dino BOIE)
Subject:	Re: [PATCH] Trivial fix for out of bounds array access in xfrm4_policy_check
From:	Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Date:	Tue, 07 Sep 2004 22:46:22 +1000
Cc:	netdev@xxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx
In-reply-to:	<Pine.LNX.4.61.0409071322100.8637@xxxxxxxxxxxxxxxx>
Organization:	Core
Sender:	netdev-bounce@xxxxxxxxxxx
User-agent:	tin/1.7.4-20040225 ("Benbecula") (UNIX) (Linux/2.4.26-1-686-smp (i686))

Catalinux aka Dino BOIE <util@xxxxxxxxxxxxxxx> wrote:
> 
> Coverity found a bug in accessing xfrm4_policy_check using XFRM_POLICY_FWD 
> (=2) as index in sk->sk_policy.
> 
> sk->sk_policy[] is defined in sock.h as:
> 
> struct xfrm_policy *sk_policy[2];
> 
> Attached is the fix.

This is bogus as if the packet is forwarded then sk == NULL.
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[PATCH] Trivial fix for out of bounds array access in xfrm4_policy_check, Catalin(ux aka Dino) BOIE Re: [PATCH] Trivial fix for out of bounds array access in xfrm4_policy_check, Herbert Xu <= Re: [PATCH] Trivial fix for out of bounds array access in xfrm4_policy_check, David S. Miller

Previous by Date:	[PATCH] LLTX for tg3, Andi Kleen
Next by Date:	[PATCH] Compat32 setsockopt overzealous conversions, David Woodhouse
Previous by Thread:	[PATCH] Trivial fix for out of bounds array access in xfrm4_policy_check, Catalin(ux aka Dino) BOIE
Next by Thread:	Re: [PATCH] Trivial fix for out of bounds array access in xfrm4_policy_check, David S. Miller
Indexes:	[Date] [Thread] [Top] [All Lists]