lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <87648374-a8fe-8830-793e-eb3c15e4ac54@gmail.com> Date: Thu, 22 Sep 2022 15:22:56 -0700 From: James Smart <jsmart2021@...il.com> To: Kees Cook <keescook@...omium.org>, "James E.J. Bottomley" <jejb@...ux.ibm.com> Cc: Sachin Sant <sachinp@...ux.ibm.com>, "Martin K. Petersen" <martin.petersen@...cle.com>, linux-scsi@...r.kernel.org, linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org Subject: Re: [PATCH] scsi: scsi_transport_fc: Adjust struct fc_nl_event flex array usage On 9/21/2022 1:51 PM, Kees Cook wrote: > In order to help the compiler reason about the destination buffer in > struct fc_nl_event, add a flexible array member for this purpose. > However, since the header is UAPI, it must not change size or layout, so > a union is used. > > The allocation size calculations are also corrected (it was potentially > allocating an extra 8 bytes), and the padding is zeroed to avoid leaking > kernel heap memory contents. > > Detected at run-time by the recently added memcpy() bounds checking: > > memcpy: detected field-spanning write (size 8) of single field "&event->event_data" at drivers/scsi/scsi_transport_fc.c:581 (size 4) > > Reported-by: Sachin Sant <sachinp@...ux.ibm.com> > Link: https://lore.kernel.org/linux-next/42404B5E-198B-4FD3-94D6-5E16CF579EF3@linux.ibm.com/ > Cc: "James E.J. Bottomley" <jejb@...ux.ibm.com> > Cc: "Martin K. Petersen" <martin.petersen@...cle.com> > Cc: linux-scsi@...r.kernel.org > Signed-off-by: Kees Cook <keescook@...omium.org> > --- Kinda crazy way to resolve it, but looks fine. Reviewed-by: James Smart <jsmart2021@...il.com> -- james
Powered by blists - more mailing lists