On 1/7/19 9:38 PM, David Miller wrote:
> From: Ying Xue
> Date: Mon, 7 Jan 2019 19:29:52 +0800
>
>> This is because lc->name string is not validated before it's used.
>
> It looks like we have several situations like this, not just this one.
>
> For example, tipc_nl_compat_bearer_{enable,disabl

On Mon, Jan 7, 2019 at 2:38 PM David Miller wrote:
>
> From: Ying Xue
> Date: Mon, 7 Jan 2019 19:29:52 +0800
>
> > This is because lc->name string is not validated before it's used.
>
> It looks like we have several situations like this, not just this one.
>
> For example, tipc_nl_compat_bearer_{

From: Ying Xue
Date: Mon, 7 Jan 2019 19:29:52 +0800
> This is because lc->name string is not validated before it's used.
It looks like we have several situations like this, not just this one.
For example, tipc_nl_compat_bearer_{enable,disable}() with b->name.
Next, tipc_nl_compat_media_set() a

syzbot reports following splat:
BUG: KMSAN: uninit-value in strlen+0x3b/0xa0 lib/string.c:486
CPU: 1 PID: 9306 Comm: syz-executor172 Not tainted 4.20.0-rc7+ #2
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [