Re: [PATCH] vxlan: fix a out of bounds access in __vxlan_find_mac

[PATCH] vxlan: fix a out of bounds access in __vxlan_find_mac · <hidden> · 2016-01-29
Re: [PATCH] vxlan: fix a out of bounds access in __vxlan_find_mac · Cong Wang <hidden> · 2016-01-29
Re: [PATCH] vxlan: fix a out of bounds access in __vxlan_find_mac · Eric Dumazet <hidden> · 2016-01-29
Re: [PATCH] vxlan: fix a out of bounds access in __vxlan_find_mac · Cong Wang <hidden> · 2016-01-29
Re: [PATCH] vxlan: fix a out of bounds access in __vxlan_find_mac · Eric Dumazet <hidden> · 2016-01-29
Re: [PATCH] vxlan: fix a out of bounds access in __vxlan_find_mac · David Miller <davem@davemloft.net> · 2016-01-30

From: Eric Dumazet <hidden>
Date: 2016-01-29 22:01:38

On Fri, 2016-01-29 at 13:41 -0800, Cong Wang wrote:

On Thu, Jan 28, 2016 at 5:43 PM,  [off-list ref] wrote:

quoted

From: Li RongQing <redacted>

The size of all_zeros_mac is 6 byte, but eth_hash() will access the
8 byte, and KASan reported the below bug:


Sounds like we should fix eth_hash() (macvlan has a same function),
it should not read beyond 6 bytes.

Why ? We always have at least 2 bytes following ethernet address in a
packet.

Better add these 2 bytes in all_zeros_mac[] and not slow down the hash
function.

We use same tricks in eth_type_trans()

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help