Re: net/netlink: another global-out-of-bounds in genl_family_rcv_msg/validate_nla

From: Andrey Konovalov
Date: Thu Nov 03 2016 - 19:35:05 EST


On Fri, Nov 4, 2016 at 12:22 AM, Cong Wang <xiyou.wangcong@xxxxxxxxx> wrote:
> On Thu, Nov 3, 2016 at 4:04 PM, Andrey Konovalov <andreyknvl@xxxxxxxxxx> wrote:
>> Hi,
>>
>> I've got the following error report while running the syzkaller fuzzer:
>>
>> BUG: KASAN: global-out-of-bounds in validate_nla+0x49b/0x4e0 at addr
>> ffffffff84452de0
>> Read of size 2 by task syz-executor/19055
>> Address belongs to variable ip_vs_cmd_policy+0x20/0x40
>
> LOL, seems a typo
>
> diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
> index c3c809b..a6e44ef 100644
> --- a/net/netfilter/ipvs/ip_vs_ctl.c
> +++ b/net/netfilter/ipvs/ip_vs_ctl.c
> @@ -2845,7 +2845,7 @@ static struct genl_family ip_vs_genl_family = {
> .hdrsize = 0,
> .name = IPVS_GENL_NAME,
> .version = IPVS_GENL_VERSION,
> - .maxattr = IPVS_CMD_MAX,
> + .maxattr = IPVS_CMD_ATTR_MAX,
> .netnsok = true, /* Make ipvsadm to work on netns */
> };
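Review bot: the hunk corrects the bound but carries no commit message or tags; when this is submitted, the description should state that `maxattr` must match the attribute space the `ip_vs_cmd_policy` array is indexed by, not the command space, and carry a `Reported-by:` for the syzkaller report above. The KASAN line `Address belongs to variable ip_vs_cmd_policy+0x20/0x40` is the evidence for the point: with `.maxattr = IPVS_CMD_MAX`, `validate_nla` accepts attribute types larger than the policy array and reads the policy entry past its end, so the one-line change from `IPVS_CMD_MAX` to `IPVS_CMD_ATTR_MAX` is the whole fix. Since the policy array itself is not in this hunk, it would also be worth a sentence confirming that the array is declared with `IPVS_CMD_ATTR_MAX + 1` entries so the two bounds stay tied together.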

This fixes the issue for me.

Tested-by: Andrey Konovalov <andreyknvl@xxxxxxxxxx>

Thanks again!