Re: [PATH 4.14.y] net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-free

On 2023-09-18 15:17, valis wrote:

On Mon, Sep 18, 2023 at 8:09 PM Luiz Capitulino <luizcap@xxxxxxxxxx> wrote:

Valis, Greg,

I noticed that 4.14 is missing this fix while we backported all three fixes
from this series to all stable kernels:

https://lore.kernel.org/all/20230729123202.72406-1-jhs@xxxxxxxxxxxx

Is there a reason to have skipped 4.14 for this fix? It seems we need it.

Hi Luiz!

I see no reason why it should be skipped for 4.14.
I've just checked 4.14.325 - it is vulnerable and needs this fix.

Thank you for the quick reply!

- Luiz


Best regards,

valis



This is only compile-tested though, would be good to have a confirmation
from Valis that the issue is present on 4.14 before applying.

- Luiz

diff --git a/net/sched/cls_fw.c b/net/sched/cls_fw.c
index e63f9c2e37e5..7b04b315b2bd 100644
--- a/net/sched/cls_fw.c
+++ b/net/sched/cls_fw.c
@@ -281,7 +281,6 @@ static int fw_change(struct net *net, struct sk_buff *in_skb,
                         return -ENOBUFS;

                 fnew->id = f->id;
-               fnew->res = f->res;
  #ifdef CONFIG_NET_CLS_IND
                 fnew->ifindex = f->ifindex;
  #endif /* CONFIG_NET_CLS_IND */
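
Review bot: with `fnew->res = f->res;` dropped from fw_change(), nothing in the visible context sets fnew->res on the update path, so the changelog should state what value the new filter's res holds afterwards (the hunk does not show how fnew is allocated or whether a later bind fills it in). As posted, the mail also carries no changelog body, upstream commit reference or Signed-off-by above the diff; a stable backport should include those, and since this is only compile-tested, a line on whether the 4.14 context differed from the upstream hunk would help whoever applies it.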
--
2.40.1



