lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <db78155a-65c1-455b-aaaf-0463b17009f5@embeddedor.com>
Date: Wed, 27 Mar 2024 15:23:32 -0600
From: "Gustavo A. R. Silva" <gustavo@...eddedor.com>
To: Jeff Johnson <quic_jjohnson@...cinc.com>,
 "Gustavo A. R. Silva" <gustavoars@...nel.org>, Kalle Valo <kvalo@...nel.org>
Cc: linux-wireless@...r.kernel.org, linux-kernel@...r.kernel.org,
 linux-hardening@...r.kernel.org
Subject: Re: [PATCH][next] wifi: cfg80211: Use __counted_by() in struct
 wmi_start_scan_cmd and avoid -Wfamnae warning


>> -	memset(&cmd, 0, sizeof(cmd));
>> -	cmd.cmd.scan_type = WMI_ACTIVE_SCAN;
>> -	cmd.cmd.num_channels = 0;
>> +	memset(cmd, 0, sizeof(*cmd));
> 
> Isn't this unnecessary since DEFINE_FLEX() logic "{ .obj.COUNTER = COUNT, }"
> should result in everything else being zeroed?
> 
> And if that isn't sufficient, DEFINE_FLEX() itself says we should "Use
> __struct_size(@NAME) to get compile-time size of it afterwards"
> 
> Note the current memset won't zero the flex array and hence if the actual
> number of channels is less than 4 then kernel stack contents could be exposed
> to firmware.

Yes, that's correct. The current memset() will only zero out a total of
sizeof(struct wmi_start_scan_cmd) bytes, which of course doesn't include
the flex-array member.

Thanks for the review, I'll remove that line!

--
Gustavo


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ