Re: [PATCH net v2] batman-adv: fix OOB read/write in network-coding decode

31 Aug 2025


      On Sun, 31 Aug 2025 16:56:23 +0200, Stanislav Fort wrote:
...
batadv_nc_skb_decode_packet() trusts coded_len and checks only against
skb->len. XOR starts at sizeof(struct batadv_unicast_packet), reducing
payload headroom, and the source skb length is not verified, allowing an
out-of-bounds read and a small out-of-bounds write.
Validate that coded_len fits within the payload area of both destination
and source sk_buffs before XORing.
[...]
Applied, thanks!
[1/1] batman-adv: fix OOB read/write in network-coding decode
      https://git.open-mesh.org/linux-merge.git/commit/?h=batadv/net&id=d77b6f...
Best regards,
-- 
Sven Eckelmann sven@narfation.org

2025

2024

2023

2022

2021

2020

2019

2018

2017

Re: [PATCH net v2] batman-adv: fix OOB read/write in network-coding decode