Re: net/xfrm: stack out-of-bounds in xfrm_flowi_sport

2017-02-28 Thread Dmitry Vyukov
On Wed, Feb 15, 2017 at 7:26 AM, Steffen Klassert wrote: > On Tue, Feb 14, 2017 at 10:16:44AM +0100, Dmitry Vyukov wrote: >> >> I've run the repro with you patch and don't see the bug any more: >> >> Tested-by: Dmitry Vyukov > > I've applied this to the ipsec tree now. > > Thanks for testing! H

Re: net/xfrm: stack out-of-bounds in xfrm_flowi_sport

2017-02-28 Thread Steffen Klassert
Hi Dmitry. On Tue, Feb 28, 2017 at 02:39:17PM +0100, Dmitry Vyukov wrote: > On Wed, Feb 15, 2017 at 7:26 AM, Steffen Klassert > wrote: > > On Tue, Feb 14, 2017 at 10:16:44AM +0100, Dmitry Vyukov wrote: > >> > >> I've run the repro with you patch and don't see the bug any more: > >> > >> Tested-by

Re: net/xfrm: stack out-of-bounds in xfrm_flowi_sport

2017-02-14 Thread Steffen Klassert
On Tue, Feb 14, 2017 at 10:16:44AM +0100, Dmitry Vyukov wrote: > > I've run the repro with you patch and don't see the bug any more: > > Tested-by: Dmitry Vyukov I've applied this to the ipsec tree now. Thanks for testing!

Re: net/xfrm: stack out-of-bounds in xfrm_flowi_sport

2017-02-14 Thread Dmitry Vyukov
On Tue, Feb 14, 2017 at 10:08 AM, Steffen Klassert wrote: > On Tue, Feb 14, 2017 at 09:41:35AM +0100, Dmitry Vyukov wrote: >> On Tue, Feb 14, 2017 at 8:08 AM, Steffen Klassert >> wrote: >> > On Mon, Feb 13, 2017 at 03:46:56PM +0100, Dmitry Vyukov wrote: >> >> >> >> On commit 7089db84e356562f8ba73

Re: net/xfrm: stack out-of-bounds in xfrm_flowi_sport

2017-02-14 Thread Steffen Klassert
On Tue, Feb 14, 2017 at 09:41:35AM +0100, Dmitry Vyukov wrote: > On Tue, Feb 14, 2017 at 8:08 AM, Steffen Klassert > wrote: > > On Mon, Feb 13, 2017 at 03:46:56PM +0100, Dmitry Vyukov wrote: > >> > >> On commit 7089db84e356562f8ba737c29e472cc42d530dbc. > >> > >> > >> struct flowi4 fl4_stack alloca

Re: net/xfrm: stack out-of-bounds in xfrm_flowi_sport

2017-02-14 Thread Dmitry Vyukov
On Tue, Feb 14, 2017 at 8:08 AM, Steffen Klassert wrote: > On Mon, Feb 13, 2017 at 03:46:56PM +0100, Dmitry Vyukov wrote: >> >> On commit 7089db84e356562f8ba737c29e472cc42d530dbc. >> >> >> struct flowi4 fl4_stack allocated on stack in udp_sendmsg is being >> casted to larger struct flowi and then

Re: net/xfrm: stack out-of-bounds in xfrm_flowi_sport

2017-02-13 Thread Steffen Klassert
On Mon, Feb 13, 2017 at 03:46:56PM +0100, Dmitry Vyukov wrote: > > On commit 7089db84e356562f8ba737c29e472cc42d530dbc. > > > struct flowi4 fl4_stack allocated on stack in udp_sendmsg is being > casted to larger struct flowi and then accessed. Looks like the problem is when using IPv4-mapped IPv

net/xfrm: stack out-of-bounds in xfrm_flowi_sport

2017-02-13 Thread Dmitry Vyukov
Hello, The following program triggers stack out-of-bounds in xfrm_flowi_sport: BUG: KASAN: stack-out-of-bounds in xfrm_flowi_sport include/net/xfrm.h:862 [inline] at addr 8800677df796 BUG: KASAN: stack-out-of-bounds in __xfrm6_selector_match net/xfrm/xfrm_policy.c:89 [inline] at addr 880