* [bug report] xfrm: Add possibility to set the default to block if we have no policy
@ 2021-07-26 10:30 Dan Carpenter
0 siblings, 0 replies; only message in thread
From: Dan Carpenter @ 2021-07-26 10:30 UTC (permalink / raw)
To: steffen.klassert; +Cc: kernel-janitors
Hello Steffen Klassert,
The patch 2d151d39073a: "xfrm: Add possibility to set the default to
block if we have no policy" from Jul 18, 2021, leads to the following
static checker warning:
net/xfrm/xfrm_user.c:1969 xfrm_set_default()
error: undefined (user controlled) shift '1 << up->dirmask'
net/xfrm/xfrm_user.c
1964 static int xfrm_set_default(struct sk_buff *skb, struct nlmsghdr *nlh,
1965 struct nlattr **attrs)
1966 {
1967 struct net *net = sock_net(skb->sk);
1968 struct xfrm_userpolicy_default *up = nlmsg_data(nlh);
--> 1969 u8 dirmask = (1 << up->dirmask) & XFRM_POL_DEFAULT_MASK;
^^^^^^^^^^^^^^^^
I believe this does come from the user so it can shift wrap leading to
a syzbot/UBSan warning. I don't know that the shift wrapping will have
any other real world impact.
1970 u8 old_default = net->xfrm.policy_default;
1971
1972 net->xfrm.policy_default = (old_default & (0xff ^ dirmask))
1973 | (up->action << up->dirmask);
1974
1975 rt_genid_bump_all(net);
1976
1977 return 0;
1978 }
regards,
dan carpenter
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2021-07-26 10:30 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-07-26 10:30 [bug report] xfrm: Add possibility to set the default to block if we have no policy Dan Carpenter
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).