Hello:
This patch was applied to bpf/bpf-next.git (master)
by Andrii Nakryiko <andrii@xxxxxxxxxx>:
On Tue, 15 Apr 2025 17:50:14 +0200 you wrote:
> As shown in [1], it is possible to corrupt a BPF ELF file such that
> arbitrary BPF instructions are loaded by libbpf. This can be done by
> setting a symbol (BPF program) section offset to a large (unsigned)
> number such that <section start + symbol offset> overflows and points
> before the section data in the memory.
>
> Consider the situation below where:
> - prog_start = sec_start + symbol_offset <-- size_t overflow here
> - prog_end = prog_start + prog_size
>
> [...]
Here is the summary with links:
- [bpf,v3] libbpf: Fix buffer overflow in bpf_object__init_prog
https://git.kernel.org/bpf/bpf-next/c/ee684de5c1b0
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
