lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 23 Nov 2010 22:01:11 +0800 From: Américo Wang <xiyou.wangcong@...il.com> To: Eric Dumazet <eric.dumazet@...il.com> Cc: Andrew Morton <akpm@...ux-foundation.org>, Vasiliy Kulikov <segoon@...nwall.com>, Andreas Dilger <adilger.kernel@...ger.ca>, kernel-janitors@...r.kernel.org, Alexander Viro <viro@...iv.linux.org.uk>, linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org, Jakub Jelinek <jakub@...hat.com> Subject: Re: [PATCH v2] fs: select: fix information leak to userspace On Mon, Nov 15, 2010 at 08:12:21PM +0100, Eric Dumazet wrote: >Le dimanche 14 novembre 2010 à 18:06 -0800, Andrew Morton a écrit : >> On Sun, 14 Nov 2010 12:25:33 +0300 Vasiliy Kulikov <segoon@...nwall.com> wrote: >> > >> > if (timeval) { >> > - rtv.tv_sec = rts.tv_sec; >> > - rtv.tv_usec = rts.tv_nsec / NSEC_PER_USEC; >> > + struct timeval rtv = { >> > + .tv_sec = rts.tv_sec, >> > + .tv_usec = rts.tv_nsec / NSEC_PER_USEC >> > + }; >> > >> > if (!copy_to_user(p, &rtv, sizeof(rtv))) >> > return ret; >> >> Please check the assembly code - this will still leave four bytes of >> uninitalised stack data in 'rtv', surely. > >Thats a good question. > >In my understanding, gcc should initialize all holes (and other not >mentioned fields) with 0, even for automatic storage [C99 only mandates >this on static storage] > >I tested on x86_64 and this is the case, but could not find a definitive >answer in gcc documentation. > Yeah, this is not clearly defined by C99 I think, but we can still find some clues in 6.2.6.1, Paragraph 6, " When a value is stored in an object of structure or union type, including in a member object, the bytes of the object representation that correspond to any padding bytes take unspecified values. " So we can't rely on the compiler to initialize the padding bytes too. -- Live like a child, think like the god. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists