lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <f6e1b7990907270859l65f84d8bm4712f6d82d9a688a@mail.gmail.com>
Date:	Mon, 27 Jul 2009 09:59:18 -0600
From:	Abhishek Kulkarni <adkulkar@...il.iu.edu>
To:	linux-kernel@...r.kernel.org
Cc:	v9fs-developer@...ts.sourceforge.net, netdev@...r.kernel.org
Subject: Re: [PATCH] net/9p: Insulate the client against an invalid error code 
	sent by a 9p server.

Adding netdev to Cc.
---

A looney tunes server sending an invalid error code (which is !IS_ERR_VALUE)
can result in a client oops. So fix it by adding a check and converting unknown
or invalid error codes to -ESERVERFAULT.

Signed-off-by: Abhishek Kulkarni <adkulkar@...il.iu.edu>
---
:100644 100644 787ccdd... c9a5bf9... M	net/9p/client.c
:100644 100644 fdebe43... 5251851... M	net/9p/error.c
 net/9p/client.c |    7 +------
 net/9p/error.c  |    2 +-
 2 files changed, 2 insertions(+), 7 deletions(-)

diff --git a/net/9p/client.c b/net/9p/client.c
index 787ccdd..c9a5bf9 100644
--- a/net/9p/client.c
+++ b/net/9p/client.c
@@ -411,14 +411,9 @@ static int p9_check_errors(struct p9_client *c,
struct p9_req_t *req)
 		if (c->dotu)
 			err = -ecode;

-		if (!err) {
+		if (!err || !IS_ERR_VALUE(err))
 			err = p9_errstr2errno(ename, strlen(ename));

-			/* string match failed */
-			if (!err)
-				err = -ESERVERFAULT;
-		}
-
 		P9_DPRINTK(P9_DEBUG_9P, "<<< RERROR (%d) %s\n", -ecode, ename);

 		kfree(ename);
diff --git a/net/9p/error.c b/net/9p/error.c
index fdebe43..5251851 100644
--- a/net/9p/error.c
+++ b/net/9p/error.c
@@ -239,7 +239,7 @@ int p9_errstr2errno(char *errstr, int len)
 		errstr[len] = 0;
 		printk(KERN_ERR "%s: server reported unknown error %s\n",
 			__func__, errstr);
-		errno = 1;
+		errno = ESERVERFAULT;
 	}

 	return -errno;
-- 
1.6.0.4


On Mon, Jul 27, 2009 at 9:14 AM, Abhishek Kulkarni<adkulkar@...il.iu.edu> wrote:
> A looney tunes server sending an invalid error code (which is !IS_ERR_VALUE)
> can result in a client oops. So fix it by adding a check and converting unknown
> or invalid error codes to -ESERVERFAULT.
>
> Signed-off-by: Abhishek Kulkarni <adkulkar@...il.iu.edu>
> ---
> :100644 100644 787ccdd... c9a5bf9... M  net/9p/client.c
> :100644 100644 fdebe43... 5251851... M  net/9p/error.c
>  net/9p/client.c |    7 +------
>  net/9p/error.c  |    2 +-
>  2 files changed, 2 insertions(+), 7 deletions(-)
>
> diff --git a/net/9p/client.c b/net/9p/client.c
> index 787ccdd..c9a5bf9 100644
> --- a/net/9p/client.c
> +++ b/net/9p/client.c
> @@ -411,14 +411,9 @@ static int p9_check_errors(struct p9_client *c, struct p9_req_t *req)
>                if (c->dotu)
>                        err = -ecode;
>
> -               if (!err) {
> +               if (!err || !IS_ERR_VALUE(err))
>                        err = p9_errstr2errno(ename, strlen(ename));
>
> -                       /* string match failed */
> -                       if (!err)
> -                               err = -ESERVERFAULT;
> -               }
> -
>                P9_DPRINTK(P9_DEBUG_9P, "<<< RERROR (%d) %s\n", -ecode, ename);
>
>                kfree(ename);
> diff --git a/net/9p/error.c b/net/9p/error.c
> index fdebe43..5251851 100644
> --- a/net/9p/error.c
> +++ b/net/9p/error.c
> @@ -239,7 +239,7 @@ int p9_errstr2errno(char *errstr, int len)
>                errstr[len] = 0;
>                printk(KERN_ERR "%s: server reported unknown error %s\n",
>                        __func__, errstr);
> -               errno = 1;
> +               errno = ESERVERFAULT;
>        }
>
>        return -errno;
> --
> 1.6.0.4
>
>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ