lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <37d2d198-d9e7-3427-af4f-05ac42c38ede@embeddedor.com> Date: Wed, 4 Oct 2023 01:38:50 +0200 From: "Gustavo A. R. Silva" <gustavo@...eddedor.com> To: Kees Cook <keescook@...omium.org>, Steffen Klassert <steffen.klassert@...unet.com> Cc: Herbert Xu <herbert@...dor.apana.org.au>, "David S. Miller" <davem@...emloft.net>, netdev@...r.kernel.org, "Gustavo A. R. Silva" <gustavoars@...nel.org>, Nathan Chancellor <nathan@...nel.org>, Nick Desaulniers <ndesaulniers@...gle.com>, Tom Rix <trix@...hat.com>, linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org, llvm@...ts.linux.dev Subject: Re: [PATCH] xfrm: Annotate struct xfrm_sec_ctx with __counted_by On 10/4/23 01:18, Kees Cook wrote: > Prepare for the coming implementation by GCC and Clang of the __counted_by > attribute. Flexible array members annotated with __counted_by can have > their accesses bounds-checked at run-time via CONFIG_UBSAN_BOUNDS (for > array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family > functions). > > As found with Coccinelle[1], add __counted_by for struct xfrm_sec_ctx. > > Cc: Steffen Klassert <steffen.klassert@...unet.com> > Cc: Herbert Xu <herbert@...dor.apana.org.au> > Cc: "David S. Miller" <davem@...emloft.net> > Cc: netdev@...r.kernel.org > Link: https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci [1] > Signed-off-by: Kees Cook <keescook@...omium.org> Reviewed-by: Gustavo A. R. Silva <gustavoars@...nel.org> Thanks -- Gustavo > --- > include/uapi/linux/xfrm.h | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/include/uapi/linux/xfrm.h b/include/uapi/linux/xfrm.h > index 23543c33fee8..6a77328be114 100644 > --- a/include/uapi/linux/xfrm.h > +++ b/include/uapi/linux/xfrm.h > @@ -4,6 +4,7 @@ > > #include <linux/in6.h> > #include <linux/types.h> > +#include <linux/stddef.h> > > /* All of the structures in this file may not change size as they are > * passed into the kernel from userspace via netlink sockets. > @@ -33,7 +34,7 @@ struct xfrm_sec_ctx { > __u8 ctx_alg; > __u16 ctx_len; > __u32 ctx_sid; > - char ctx_str[]; > + char ctx_str[] __counted_by(ctx_len); > }; > > /* Security Context Domains of Interpretation */
Powered by blists - more mailing lists