Date: Wed, 5 Apr 2023 10:24:03 +0200
From: Marc Kleine-Budde
To: Oleksij Rempel
Cc: Robin van der Gracht, Oliver Hartkopp, Shuangpeng Bai, kernel@pengutronix.de, linux-can@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v1] net: can: j1939: Fix out-of-bounds memory access in j1939_tp_tx_dat_new
Message-ID: <20230405-backlit-unscathed-fab6044bdc4c@pengutronix.de>
References: <20230404073128.3173900-1-o.rempel@pengutronix.de>
In-Reply-To: <20230404073128.3173900-1-o.rempel@pengutronix.de>
X-Mailing-List: linux-kernel@vger.kernel.org

On 04.04.2023 09:31:28, Oleksij Rempel wrote:
> In the j1939_tp_tx_dat_new function, an out-of-bounds memory access
> could occur during the memcpy operation if the size of skb->cb is
> larger than the size of struct j1939_sk_buff_cb. This is because the
> memcpy operation uses the size of skb->cb, leading to a read beyond
> the struct j1939_sk_buff_cb.
>
> To address this issue, we have updated the memcpy operation to use the
> size of struct j1939_sk_buff_cb instead of the size of skb->cb. This
> ensures that the memcpy operation only reads the memory within the
> bounds of struct j1939_sk_buff_cb, preventing out-of-bounds memory
> access.
>
> Additionally, a static_assert has been added to check that the size of
> skb->cb is greater than or equal to the size of struct j1939_sk_buff_cb.
> This ensures that the skb->cb buffer is large enough to hold the
> j1939_sk_buff_cb structure.
>
> Fixes: 9d71dd0c7009 ("can: add support of SAE J1939 protocol")
> Reported-by: Shuangpeng Bai
> Tested-by: Shuangpeng Bai
> Signed-off-by: Oleksij Rempel

Applied.

regards,
Marc

-- 
Pengutronix e.K.                 | Marc Kleine-Budde          |
Embedded Linux                   | https://www.pengutronix.de |
Vertretung Nürnberg              | Phone: +49-5121-206917-129 |
Amtsgericht Hildesheim, HRA 2686 | Fax:   +49-5121-206917-9   |
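The following is an added, user-space C model of the bug class the commit message above describes; it is not the kernel's code and not the patch under discussion. It contrasts a memcpy sized by the destination array (the pre-fix shape) with one sized by the source struct (the post-fix shape), and carries the compile-time guard the message mentions. The names sk_buff_like and j1939_cb_like, the 8-byte field layout, and the 0xAA canary arena are assumptions made for the demonstration; CB_SIZE = 48 matches the size of sk_buff::cb in mainline Linux.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption: sk_buff::cb is a 48-byte scratch area in mainline Linux. */
#define CB_SIZE 48

/* Hypothetical stand-in for struct sk_buff: only the control block matters here. */
struct sk_buff_like {
    unsigned char cb[CB_SIZE];
};

/* Hypothetical stand-in for struct j1939_sk_buff_cb; 8 bytes, no padding. */
struct j1939_cb_like {
    uint32_t addr;
    uint8_t  priority;
    uint8_t  flags;
    uint16_t len;
};

/* The guard the commit message describes: cb[] must be able to hold the struct. */
_Static_assert(sizeof(((struct sk_buff_like *)0)->cb) >= sizeof(struct j1939_cb_like),
               "skb->cb too small for j1939_cb_like");

/* Bytes the pre-fix copy reads past the end of its source struct. */
size_t cb_overread_bytes(void)
{
    return sizeof(((struct sk_buff_like *)0)->cb) - sizeof(struct j1939_cb_like);
}

/* Pre-fix shape: the length comes from the destination array, so every
 * call reads cb_overread_bytes() beyond *src.  Reproduced for contrast only. */
static void cb_copy_buggy(struct sk_buff_like *dst, const struct j1939_cb_like *src)
{
    memcpy(dst->cb, src, sizeof(dst->cb));
}

/* Post-fix shape: the length comes from the source struct. */
static void cb_copy_fixed(struct sk_buff_like *dst, const struct j1939_cb_like *src)
{
    memcpy(dst->cb, src, sizeof(*src));
}

/* Generic check for this bug class: a memcpy stays inside its source only
 * if the length does not exceed what the source object actually owns. */
int cb_copy_in_bounds(size_t copy_len, size_t src_len)
{
    return copy_len <= src_len;
}

/* Runs one variant on a source struct placed at the start of a CB_SIZE
 * arena whose remainder is filled with a 0xAA canary, and returns how many
 * canary bytes ended up in dst->cb.  The arena keeps the over-read inside
 * one valid object so the demonstration itself does not crash. */
size_t cb_copy_canary_bytes(int use_fixed)
{
    union {
        struct j1939_cb_like cb;
        unsigned char raw[CB_SIZE];
    } arena;
    struct sk_buff_like dst;
    size_t i, n = 0;

    memset(arena.raw, 0xAA, sizeof(arena.raw));
    arena.cb.addr = 0x11223344u;    /* none of these field bytes equal 0xAA */
    arena.cb.priority = 6;
    arena.cb.flags = 1;
    arena.cb.len = 9;
    memset(dst.cb, 0, sizeof(dst.cb));

    if (use_fixed)
        cb_copy_fixed(&dst, &arena.cb);
    else
        cb_copy_buggy(&dst, &arena.cb);

    for (i = 0; i < sizeof(dst.cb); i++)
        if (dst.cb[i] == 0xAA)
            n++;
    return n;
}

int main(void)
{
    printf("over-read per call : %zu bytes\n", cb_overread_bytes());
    printf("canary bytes, buggy: %zu\n", cb_copy_canary_bytes(0));
    printf("canary bytes, fixed: %zu\n", cb_copy_canary_bytes(1));
    printf("sizeof(skb->cb)-sized copy in bounds of source: %d\n",
           cb_copy_in_bounds(CB_SIZE, sizeof(struct j1939_cb_like)));
    return 0;
}
```

In the real kernel the source struct is not followed by a friendly canary but by whatever happens to sit after it in memory, so the 40 extra bytes the buggy variant drags into the new skb's cb are an information leak across skbs at best and a fault at worst; sizing the copy by the source type, plus the static assert that the destination is large enough, closes both directions.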