On 2019/2/25 21:43, Herbert Xu wrote:
> On Mon, Feb 25, 2019 at 05:56:00PM +0800, Yue Haibing wrote:
>>
>> the check. Then __xfrm_policy_unlink uses the index to access array policy_count
>> whose size is XFRM_POLICY_MAX * 2, triggering out of bounds access.
>
> No it doesn't. Even if it did t
On Mon, Feb 25, 2019 at 05:56:00PM +0800, Yue Haibing wrote:
>
> the check. Then __xfrm_policy_unlink uses the index to access array policy_count
> whose size is XFRM_POLICY_MAX * 2, triggering out of bounds access.
No it doesn't. Even if it did the bug would be in __xfrm_policy_unlink and not
From: YueHaibing
UBSAN reports this:
UBSAN: Undefined behaviour in net/xfrm/xfrm_policy.c:1289:24
index 6 is out of range for type 'unsigned int [6]'
CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.4.162-514.55.6.9.x86_64+ #13
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu