From: Dan Carpenter <dan.carpenter@oracle.com>
To: Soumya Negi <soumya.negi97@gmail.com>
Cc: syzbot+9d567e08d3970bfd8271@syzkaller.appspotmail.com,
	syzkaller-bugs@googlegroups.com,
	Xiaolong Huang <butterflyhuangxx@gmail.com>,
	stable@vger.kernel.org, netdev@vger.kernel.org
Subject: Re: Test patch for KASAN: global-out-of-bounds Read in detach_capi_ctr
Date: Mon, 4 Jul 2022 14:26:19 +0300
Message-ID: <20220704112619.GZ16517@kadam>
In-Reply-To: <CAHH-VXdqp0ZGKyJWE76zdyKwhv104JRA8ujUY5NoYO47HC9XWQ@mail.gmail.com>


On Fri, Jul 01, 2022 at 06:08:29AM -0700, Soumya Negi wrote:
> #syz test: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
> 3f8a27f9e27bd78604c0709224cec0ec85a8b106

> From 3aa5aaffef64a5574cbdb3f5c985bc25b612140c Mon Sep 17 00:00:00 2001
> From: Soumya Negi <soumya.negi97@gmail.com>
> Date: Fri, 1 Jul 2022 04:52:17 -0700
> Subject: [PATCH] isdn: capi: Add check for controller count in
>  detach_capi_ctr()
> 
> Fixes Syzbot bug:
> https://syzkaller.appspot.com/bug?id=14f4820fbd379105a71fdee357b0759b90587a4e
> 
> This patch checks whether any ISDN devices are registered before unregistering
> a CAPI controller (device). Without the check, the controller struct capi_str
> results in out-of-bounds access bugs to other CAPI data structures in
> detach_capi_ctr() as seen in the bug report.
> 

This bug was already fixed by commit 1f3e2e97c003 ("isdn: cpai: check
ctr->cnr to avoid array index out of bound").

It just needs to be backported.  Unfortunately there was no Fixes tag so
it wasn't picked up.  Also I'm not sure how backports work in netdev.

regards,
dan carpenter

