> -----Original Message-----
> From: Intel-wired-lan [mailto:[email protected]] On
> Behalf Of Konstantin Khorenko
> Sent: Friday, November 23, 2018 8:10 AM
> To: Kirsher, Jeffrey T <[email protected]>
> Cc: [email protected]; [email protected]; linux-
> [email protected]; Konstantin Khorenko <[email protected]>;
> David S . Miller <[email protected]>
> Subject: [Intel-wired-lan] [PATCH 1/1] drivers/net/i40e: define proper
> net_device::neigh_priv_len
>
> Out of bound read reported by KASan.
>
> i40iw_net_event() reads unconditionally 16 bytes from
> neigh->primary_key while the memory allocated for
> "neighbour" struct is evaluated in neigh_alloc() as
>
> tbl->entry_size + dev->neigh_priv_len
>
> where "dev" is a net_device.
>
> But the driver does not setup dev->neigh_priv_len and we read beyond the
> neigh entry allocated memory, so the patch in the next mail fixes this.
>
> Signed-off-by: Konstantin Khorenko <[email protected]>
> ---
> drivers/net/ethernet/intel/i40e/i40e_main.c | 3 +++
> 1 file changed, 3 insertions(+)

Tested-by: Andrew Bowers <[email protected]>
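
The sizing rule quoted in the commit message, worked through as an added user-space model; it is not part of this thread and not kernel or driver code. The `model_*` types, the 4-byte key and the unaligned `entry_size` are assumptions made for illustration; only the 16-byte read and the `tbl->entry_size + dev->neigh_priv_len` rule come from the message.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* User-space stand-ins (assumptions), not the kernel's own definitions. */
struct model_table  { size_t key_len, entry_size; };
struct model_netdev { size_t neigh_priv_len; };
struct model_neigh {
    size_t  alloc_len;      /* model-only: size the allocator handed out */
    uint8_t primary_key[];  /* key bytes, then the driver-private area */
};

#define KEY_OFF offsetof(struct model_neigh, primary_key)

/* Same sizing rule the commit message quotes from neigh_alloc(). */
static struct model_neigh *model_neigh_alloc(const struct model_table *tbl,
                                             const struct model_netdev *dev)
{
    size_t len = tbl->entry_size + dev->neigh_priv_len;
    struct model_neigh *n = calloc(1, len);
    if (n)
        n->alloc_len = len;
    return n;
}

/* Bytes a fixed-size read of primary_key runs past the entry; 0 = in bounds. */
static size_t key_read_overrun(const struct model_neigh *n, size_t read_len)
{
    size_t end = KEY_OFF + read_len;
    return end > n->alloc_len ? end - n->alloc_len : 0;
}

/* Constructed case: 4-byte key, 16-byte read, given private length. */
static size_t overrun_with_priv_len(size_t priv_len)
{
    struct model_table tbl = { .key_len = 4, .entry_size = KEY_OFF + 4 };
    struct model_netdev dev = { .neigh_priv_len = priv_len };
    struct model_neigh *n = model_neigh_alloc(&tbl, &dev);
    size_t over = n ? key_read_overrun(n, 16) : (size_t)-1;
    free(n);
    return over;
}

int main(void)
{
    printf("neigh_priv_len=0:  overrun %zu bytes\n", overrun_with_priv_len(0));
    printf("neigh_priv_len=12: overrun %zu bytes\n", overrun_with_priv_len(12));
    return 0;
}
```

In this model the unconditional 16-byte read stays inside the entry only once `neigh_priv_len` covers the difference between the table's key length and 16.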
