| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 28 Jan 2014 12:51:08 -0800 From: Kees Cook <keescook@...omium.org> To: Ryan Mallon <rmallon@...il.com> Cc: LKML <linux-kernel@...r.kernel.org>, Andrew Morton <akpm@...ux-foundation.org>, Jiri Kosina <jkosina@...e.cz>, Joe Perches <joe@...ches.com>, Al Viro <viro@...iv.linux.org.uk>, Olof Johansson <olof@...om.net>, Stepan Moskovchenko <stepanm@...eaurora.org>, Daniel Borkmann <dborkman@...hat.com> Subject: Re: [PATCH] vsprintf: ignore arguments to %n On Mon, Jan 27, 2014 at 5:02 PM, Ryan Mallon <rmallon@...il.com> wrote: > On 28/01/14 11:39, Kees Cook wrote: >> If arguments are consumed without output when encountering %n, it >> could be used to benefit or improve information leak attacks that were >> exposed via a limited size buffer. Since %n is not used by the kernel, >> there is no reason to make an info leak attack any easier. > > I was thinking more like the following. Print the warning if %n is > detected in format_decode(), but otherwise just remove the handling of > %n outright and treat it like any other invalid format specifier. > Something like this completely untested patch. Thoughts? I'd be totally fine with it. Minor typo in the comment before the WARN_ONCE (should be "its" instead of "it"), but otherwise looks good. Consider it: Acked-by: Kees Cook <keescook@...omium.org> It builds and boots fine for me, FWIW. -Kees -- Kees Cook Chrome OS Security -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists