Date: Thu, 31 May 2018 11:07:58 +0200
From: Florian Westphal <fw@...len.de>
To: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: Florian Westphal <fw@...len.de>, peter pi <tiangangpi@...il.com>, Jan Engelhardt <jengelh@...i.de>, Eric Dumazet <eric.dumazet@...il.com>, Greg Hackmann <ghackmann@...gle.com>, Pablo Neira Ayuso <pablo@...filter.org>, Jozsef Kadlecsik <kadlec@...ckhole.kfki.hu>, Michal Kubecek <mkubecek@...e.cz>, netfilter-devel@...r.kernel.org, coreteam@...filter.org, netdev@...r.kernel.org
Subject: Re: [PATCH v2] netfilter: properly initialize xt_table_info structure

Greg Kroah-Hartman <gregkh@...uxfoundation.org> wrote:
> On Thu, May 31, 2018 at 10:24:36AM +0200, Florian Westphal wrote:
> > peter pi <tiangangpi@...il.com> wrote:
> > > Hi Greg, I applied this patch on 4.4 and tested it on my Pixel 2, it seems
> > > the problem still exists,
> >
> > What is the problem exactly?
>
> The problem is that kernel data is being sent to userspace due to an
> uncleared buffer that was allocated and then copied to userspace. This
> can be reproduced by dumping the current set of iptables rules. Peter
> had an example reproducing script that he used to specifically show
> this. Peter, can you provide that?
>
> I thought that initializing this buffer to zero would solve the problem,
> but I guess I cleared the wrong buffer :(

Never mind, this test was on 4.4 not 4.14.

But even on 4.14 I don't see how zeroing a buffer that will be filled
via copy_from_user would help.