| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 1 Sep 2022 14:34:23 -0700
From: Jakub Kicinski <kuba@...nel.org>
To: Kees Cook <keescook@...omium.org>
Cc: Pablo Neira Ayuso <pablo@...filter.org>,
Jozsef Kadlecsik <kadlec@...filter.org>,
Florian Westphal <fw@...len.de>,
"David S. Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>,
Paolo Abeni <pabeni@...hat.com>,
syzbot <syzkaller@...glegroups.com>,
netfilter-devel@...r.kernel.org, coreteam@...filter.org,
netdev@...r.kernel.org,
Harshit Mogalapalli <harshit.m.mogalapalli@...cle.com>,
linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org
Subject: Re: [PATCH v3] netlink: Bounds-check struct nlmsgerr creation
On Thu, 1 Sep 2022 00:13:36 -0700 Kees Cook wrote:
> rep = __nlmsg_put(skb, NETLINK_CB(in_skb).portid, nlh->nlmsg_seq,
> NLMSG_ERROR, payload, flags);
All we should need here is __nlmsg_put() -> nlmsg_put(),
that's idiomatic for netlink.
> errmsg = nlmsg_data(rep);
> errmsg->error = err;
> - memcpy(&errmsg->msg, nlh, payload > sizeof(*errmsg) ? nlh->nlmsg_len : sizeof(*nlh));
> + unsafe_memcpy(&errmsg->msg, nlh, payload > sizeof(*errmsg)
> + ? nlh->nlmsg_len : sizeof(*nlh),
> + /* "payload" was bounds checked against nlh->nlmsg_len,
> + * and overflow-checked as tlvlen was constructed.
> + */);
Powered by blists - more mailing lists