| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 3 Mar 2023 16:19:51 +0100
From: Alexander Lobakin <aleksander.lobakin@...el.com>
To: Kees Cook <keescook@...omium.org>
CC: Joel Fernandes <joel@...lfernandes.org>,
Jakub Kicinski <kuba@...nel.org>, <stable@...r.kernel.org>,
Masahiro Yamada <yamada.masahiro@...ionext.com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
<linux-kernel@...r.kernel.org>, <linux-hardening@...r.kernel.org>
Subject: Re: [PATCH] kheaders: Use array declaration instead of char
From: Kees Cook <keescook@...omium.org>
Date: Thu, 2 Mar 2023 14:49:50 -0800
> Under CONFIG_FORTIFY_SOURCE, memcpy() will check the size of destination
> and source buffers. Defining kernel_headers_data as "char" would trip
> this check. Since these addresses are treated as byte arrays, define
> them as arrays (as done everywhere else).
Yet another array-as-one-char, I wonder how many are still here...
>
> This was seen with:
>
> $ cat /sys/kernel/kheaders.tar.xz >> /dev/null
>
> detected buffer overflow in memcpy
> kernel BUG at lib/string_helpers.c:1027!
> ...
> RIP: 0010:fortify_panic+0xf/0x20
> [...]
> Call Trace:
> <TASK>
> ikheaders_read+0x45/0x50 [kheaders]
> kernfs_fop_read_iter+0x1a4/0x2f0
> ...
>
> Reported-by: Jakub Kicinski <kuba@...nel.org>
> Link: https://lore.kernel.org/bpf/20230302112130.6e402a98@kernel.org/
> Tested-by: Jakub Kicinski <kuba@...nel.org>
> Fixes: 43d8ce9d65a5 ("Provide in-kernel headers to make extending kernel easier")
> Cc: Joel Fernandes (Google) <joel@...lfernandes.org>
> Cc: stable@...r.kernel.org
> Signed-off-by: Kees Cook <keescook@...omium.org>
Reviewed-by: Alexander Lobakin <aleksander.lobakin@...el.com>
> ---
> kernel/kheaders.c | 10 +++++-----
> 1 file changed, 5 insertions(+), 5 deletions(-)
[...]
Thanks,
Olek
Powered by blists - more mailing lists