Re: [PATCH net,v2 1/2] hv_netvsc: Fix offset usage in netvsc_send_table()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 22 Nov 2019 00:54:20 +0000, Haiyang Zhang wrote:
> > >
> > > -	tab = (u32 *)((unsigned long)&nvmsg->msg.v5_msg.send_table +
> > > -		      nvmsg->msg.v5_msg.send_table.offset);
> > > +	if (offset > msglen - count * sizeof(u32)) {  
> > 
> > Can't this underflow now? What if msglen is small?  
> msglen came from the vmbus container message. We trust it to be big
> enough for the data region.

Ok, it looked like it was read from some descriptor which could
potentially be controlled by "the other side" but I trust your
judgement :)

Both patches LGTM, then.



[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]


  Powered by Linux