| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1bd7df33fd484d1da656238f792bd6f7@AcuMS.aculab.com>
Date: Fri, 18 Jun 2021 08:42:16 +0000
From: David Laight <David.Laight@...LAB.COM>
To: 'Kees Cook' <keescook@...omium.org>,
"netdev@...r.kernel.org" <netdev@...r.kernel.org>
CC: Johannes Berg <johannes@...solutions.net>,
"David S. Miller" <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"linux-wireless@...r.kernel.org" <linux-wireless@...r.kernel.org>,
"linux-hardening@...r.kernel.org" <linux-hardening@...r.kernel.org>
Subject: RE: [PATCH] mac80211: Recast pointer for trailing memcpy()
From: Kees Cook
> Sent: 17 June 2021 05:27
>
> In preparation for FORTIFY_SOURCE performing compile-time and run-time
> field bounds checking for memcpy(), memmove(), and memset(), avoid
> intentionally writing across neighboring array fields.
>
> Give memcpy() a specific source pointer type so it can correctly
> calculate the bounds of the copy.
Doesn't the necessity of this sort of patch just sidestep the
run-time checking and really indicate that it is just a complete
waste of cpu resources?
I bet code changes to avoid/fix the reported errors will
introduce more bugs than the test itself will really find.
David
-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)
Powered by blists - more mailing lists