Re: net/netlink: another global-out-of-bounds in genl_family_rcv_msg/validate_nla

From: Cong Wang
Date: Thu Nov 03 2016 - 19:24:05 EST


On Thu, Nov 3, 2016 at 4:04 PM, Andrey Konovalov <andreyknvl@xxxxxxxxxx> wrote:
> Hi,
>
> I've got the following error report while running the syzkaller fuzzer:
>
> BUG: KASAN: global-out-of-bounds in validate_nla+0x49b/0x4e0 at addr
> ffffffff84452de0
> Read of size 2 by task syz-executor/19055
> Address belongs to variable ip_vs_cmd_policy+0x20/0x40

LOL, seems a typo

diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index c3c809b..a6e44ef 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -2845,7 +2845,7 @@ static struct genl_family ip_vs_genl_family = {
.hdrsize = 0,
.name = IPVS_GENL_NAME,
.version = IPVS_GENL_VERSION,
- .maxattr = IPVS_CMD_MAX,
+ .maxattr = IPVS_CMD_ATTR_MAX,
.netnsok = true, /* Make ipvsadm to work on netns */
};
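Review bot: the one-line change looks right, but the patch needs a description and a Reported-by for Andrey's syzkaller report: `.maxattr` is the bound the generic netlink core uses when it walks attributes against `ip_vs_cmd_policy` in validate_nla, so it has to come from the attribute enum (`IPVS_CMD_ATTR_MAX`), not the command enum (`IPVS_CMD_MAX`); with the larger command bound a message carrying a high attribute type indexes past the policy array, which is exactly the global-out-of-bounds read on `ip_vs_cmd_policy` in the KASAN report above. Since this is a pure typo that the compiler cannot catch, consider a compile-time check tying the policy array size to `maxattr + 1` (e.g. a `BUILD_BUG_ON(ARRAY_SIZE(ip_vs_cmd_policy) != IPVS_CMD_ATTR_MAX + 1)` in the registration path), and it is worth grepping the other genl family definitions in the tree for the same command/attribute mix-up.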