[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [RFC PATCH-for-5.2 0/2] net: Do not accept packets with invalid huge
From: |
Philippe Mathieu-Daudé |
Subject: |
Re: [RFC PATCH-for-5.2 0/2] net: Do not accept packets with invalid huge size |
Date: |
Mon, 30 Nov 2020 11:02:59 +0100 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.4.0 |
On 11/28/20 9:59 PM, Peter Maydell wrote:
> On Fri, 27 Nov 2020 at 15:45, Philippe Mathieu-Daudé <philmd@redhat.com>
> wrote:
>>
>> Hi,
>>
>> This is a simple attempt to avoid the following pattern:
>>
>> ssize_t pkt_size = get_pkt_size(); // returns errno
>>
>> // no check
>>
>> send_packet(size_t size=pkt_size); // size casted to unsigned
>> // -> overflow
>
> "RFC" and "for-5.2" are not a great combination at this point :-(
"RFC" because I don't understand all the effects this assert
can have. "for-5.2" because it was raised as a security bug,
but I don't have access to the information, so I can not see
the big picture.
> What are the consequences if we don't put this patchset in 5.2?
Jason suggested to postpone this. If this is security important,
we can release a 5.2.1-stable tag early I suppose.
Regards,
Phil.