On Mon, Nov 06, 2017 at 10:36:00AM -0800, syzbot wrote:
>
> syzbot will keep track of this bug report.
> Once a fix for this bug is committed, please reply to this email with:
> #syz fix: exact-commit-title
> To mark this as a duplicate of another syzbot report, please reply with:
> #syz dup: exac
Eric Biggers wrote:
> Hi David, you just beat me to it, but I don't think this is the best way to
> fix the problem. The length check just needs to be rewritten to not
> overflow. Also it seems there is another broken length check later in the
> function. How about this:
Okay, fair enough. D
On Mon, Nov 06, 2017 at 10:05:45PM +, David Howells wrote:
> diff --git a/lib/asn1_decoder.c b/lib/asn1_decoder.c
> index fef5d2e114be..048de2c20ae9 100644
> --- a/lib/asn1_decoder.c
> +++ b/lib/asn1_decoder.c
> @@ -201,6 +201,13 @@ int asn1_ber_decoder(const struct asn1_decoder *decoder,
>
syzbot wrote:
> syzkaller hit the following crash on 5a3517e009e979f21977d362212b7729c5165d92
> git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached
> Raw console output is attached.
> C reproducer is attached
> syzka
On Mon, Nov 06, 2017 at 10:36:00AM -0800, syzbot wrote:
> kasan: GPF could be caused by NULL-ptr deref or user memory access
> general protection fault: [#1] SMP KASAN
> Dumping ftrace buffer:
> (ftrace buffer empty)
> Modules linked in:
> CPU: 3 PID: 2984 Comm: syzkaller229187 Not tainted