lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <202308162257.F7876776C9@keescook>
Date:   Wed, 16 Aug 2023 23:09:00 -0700
From:   Kees Cook <keescook@...omium.org>
To:     "GONG, Ruiqi" <gongruiqi1@...wei.com>
Cc:     kernel test robot <lkp@...el.com>, llvm@...ts.linux.dev,
        oe-kbuild-all@...ts.linux.dev, Florian Westphal <fw@...len.de>,
        linux-hardening@...r.kernel.org
Subject: Re: [netfilter-nf-next:testing 2/9]
 ./usr/include/linux/netfilter_bridge/ebtables.h:163:26: warning: field
 'target' with variable sized type 'struct ebt_entry_target' not at the end
 of a struct or class is a GNU extension

On Thu, Aug 17, 2023 at 01:03:20PM +0800, kernel test robot wrote:
> tree:   git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next.git testing
> head:   015e2d9101d3713c7bee16dccad171df04a3bbd5
> commit: 61b9e6bd48a6317c0a44ee4f3fecdec9de5baa9e [2/9] netfilter: ebtables: replace zero-length array members
> config: i386-buildonly-randconfig-r004-20230817 (https://download.01.org/0day-ci/archive/20230817/202308171249.g1ywxhII-lkp@intel.com/config)
> compiler: clang version 16.0.4 (https://github.com/llvm/llvm-project.git ae42196bc493ffe877a7e3dff8be32035dea4d07)
> reproduce: (https://download.01.org/0day-ci/archive/20230817/202308171249.g1ywxhII-lkp@intel.com/reproduce)
> 
> If you fix the issue in a separate patch/commit (i.e. not just a new version of
> the same patch/commit), kindly add following tags
> | Reported-by: kernel test robot <lkp@...el.com>
> | Closes: https://lore.kernel.org/oe-kbuild-all/202308171249.g1ywxhII-lkp@intel.com/
> 
> All warnings (new ones prefixed by >>):
> 
>    In file included from <built-in>:1:
> >> ./usr/include/linux/netfilter_bridge/ebtables.h:163:26: warning: field 'target' with variable sized type 'struct ebt_entry_target' not at the end of a struct or class is a GNU extension [-Wgnu-variable-sized-type-not-at-end]
>            struct ebt_entry_target target;
>                                    ^
>    1 warning generated.

Eww, it looks like "struct ebt_entry_target" is used _within_ another
struct:

struct ebt_standard_target {
        struct ebt_entry_target target;
        int verdict;
};

So "verdict" overlaps with the "data" FAM:

struct ebt_entry_target {
        union { 
                struct {
                        char name[EBT_EXTENSION_MAXNAMELEN];
                        __u8 revision;
                };
                struct xt_target *target;
        } u;
        /* size of data */
        unsigned int target_size;
        unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
};  

These have been fixed in the past in a variety of ways -- it all depends
on how userspace is using them. In looking at Debian Code Search:
https://codesearch.debian.net/search?q=struct+ebt_standard_target&literal=1

It is exclusively doing casts and looking at the "verdict" member. So
the easiest conversion might be this:

 struct ebt_standard_target {
-       struct ebt_entry_target target;
+       unsigned char hdr[sizeof(struct ebt_entry_target)];
        int verdict;
 };

Or this might work (not tested):

diff --git a/include/uapi/linux/netfilter_bridge/ebtables.h b/include/uapi/linux/netfilter_bridge/ebtables.h
index a494cf43a755..d6f10163b14a 100644
--- a/include/uapi/linux/netfilter_bridge/ebtables.h
+++ b/include/uapi/linux/netfilter_bridge/ebtables.h
@@ -146,23 +146,25 @@ struct ebt_entry_watcher {
 };
 
 struct ebt_entry_target {
-	union {
-		struct {
-			char name[EBT_EXTENSION_MAXNAMELEN];
-			__u8 revision;
-		};
-		struct xt_target *target;
-	} u;
-	/* size of data */
-	unsigned int target_size;
-	unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
+	struct ebt_entry_target_hdr {
+		union {
+			struct {
+				char name[EBT_EXTENSION_MAXNAMELEN];
+				__u8 revision;
+			};
+			struct xt_target *target;
+		} u;
+		/* size of data */
+		unsigned int target_size;
+	};
+	unsigned char data[] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
 };
 
 #define EBT_STANDARD_TARGET "standard"
 struct ebt_standard_target {
-	struct ebt_entry_target target;
-	int verdict;
+	struct ebt_entry_target_hdr target;
+	int verdict __attribute__ ((aligned (__alignof__(struct ebt_replace))));
 };
 
 /* one entry */


-- 
Kees Cook

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ