lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Yd/tSpnpb4vWp6OP@kroah.com>
Date:   Thu, 13 Jan 2022 10:13:46 +0100
From:   Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To:     Kees Cook <keescook@...omium.org>
Cc:     Larry Finger <Larry.Finger@...inger.net>,
        Phillip Potter <phil@...lpotter.co.uk>,
        Michael Straube <straube.linux@...il.com>,
        Fabio Aiuto <fabioaiuto83@...il.com>,
        linux-staging@...ts.linux.dev, Hans de Goede <hdegoede@...hat.com>,
        Dan Carpenter <dan.carpenter@...cle.com>,
        Marco Cesati <marcocesati@...il.com>,
        linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org
Subject: Re: [PATCH] staging: rtl8723bs: Check for NULL header value

On Wed, Jan 12, 2022 at 04:20:01PM -0800, Kees Cook wrote:
> When building with -Warray-bounds, the following warning is emitted:
> 
> In file included from ./include/linux/string.h:253,
>                  from ./arch/x86/include/asm/page_32.h:22,
>                  from ./arch/x86/include/asm/page.h:14,
>                  from ./arch/x86/include/asm/thread_info.h:12,
>                  from ./include/linux/thread_info.h:60,
>                  from ./arch/x86/include/asm/preempt.h:7,
>                  from ./include/linux/preempt.h:78,
>                  from ./include/linux/rcupdate.h:27,
>                  from ./include/linux/rculist.h:11,
>                  from ./include/linux/sched/signal.h:5,
>                  from ./drivers/staging/rtl8723bs/include/drv_types.h:17,
>                  from drivers/staging/rtl8723bs/core/rtw_recv.c:7:
> In function 'memcpy',
>     inlined from 'wlanhdr_to_ethhdr' at drivers/staging/rtl8723bs/core/rtw_recv.c:1554:2:
> ./include/linux/fortify-string.h:41:33: warning: '__builtin_memcpy' offset [0, 5] is out of the bounds [0, 0] [-Warray-bounds]
>    41 | #define __underlying_memcpy     __builtin_memcpy
>       |                                 ^
> 
> This is because the compiler sees it is possible for "ptr" to be a NULL
> value, and concludes that it has zero size and attempts to copy to it
> would overflow. Instead, detect the NULL return and error out early.
> 
> Cc: Larry Finger <Larry.Finger@...inger.net>
> Cc: Phillip Potter <phil@...lpotter.co.uk>
> Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
> Cc: Michael Straube <straube.linux@...il.com>
> Cc: Fabio Aiuto <fabioaiuto83@...il.com>
> Cc: linux-staging@...ts.linux.dev
> Signed-off-by: Kees Cook <keescook@...omium.org>
> ---
>  drivers/staging/rtl8723bs/core/rtw_recv.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/drivers/staging/rtl8723bs/core/rtw_recv.c b/drivers/staging/rtl8723bs/core/rtw_recv.c
> index 41bfca549c64..61135c49322b 100644
> --- a/drivers/staging/rtl8723bs/core/rtw_recv.c
> +++ b/drivers/staging/rtl8723bs/core/rtw_recv.c
> @@ -1513,6 +1513,9 @@ static signed int wlanhdr_to_ethhdr(union recv_frame *precvframe)
>  	u8 *ptr = get_recvframe_data(precvframe) ; /*  point to frame_ctrl field */
>  	struct rx_pkt_attrib *pattrib = &precvframe->u.hdr.attrib;
>  
> +	if (!ptr)
> +		return _FAIL;

This will never happen, so let's not paper over compiler issues with
stuff like this please.

As the call to get_recvframe_data() is only done in one place in this
driver (in all drivers that look like this as well), it can just be
replaced with the real code instead of the nonsensical test for NULL and
then the compiler should be happy.

I'll gladly take that fix instead of this one, as that would be the
correct solution here.

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ