Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 28 Jun 2016 12:31:49 -0400
Subject: Re: Usercopy caught another one - ping IPv6...

On Tue, 28 Jun 2016 15:15:25 +0200, Marcus Meissner said:
> Hi,
> This is probably the ICMPV6_FILTER setting?
>                 if (optlen > sizeof(struct icmp6_filter))
> 		                        optlen = sizeof(struct icmp6_filter);
>                 if (copy_from_user(&raw6_sk(sk)->filter, optval, optlen))
> 		                        return -EFAULT;
> struct raw6_sock has
>         struct icmp6_filter     filter;
> not sure where the bug is.

Probably no actual bug, but the allocation of storage for 'filter' needs to be
annotated.  Thanks for finding that, that's the *hard* part.  I'll look at it
and see if a reasonable patch is doable...

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.