lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 31 May 2012 14:11:52 +0800 From: Jason Wang <jasowang@...hat.com> To: "Michael S. Tsirkin" <mst@...hat.com> CC: David Miller <davem@...emloft.net>, eric.dumazet@...il.com, netdev@...r.kernel.org, linux-kernel@...r.kernel.org, stable@...r.kernel.org Subject: Re: [PATCH] net: sock: validate data_len before allocating skb in sock_alloc_send_pskb() On 05/31/2012 02:02 PM, Michael S. Tsirkin wrote: > On Thu, May 31, 2012 at 02:00:14PM +0800, Jason Wang wrote: >> On 05/30/2012 03:02 PM, David Miller wrote: >>> From: Eric Dumazet<eric.dumazet@...il.com> >>> Date: Wed, 30 May 2012 08:46:23 +0200 >>> >>>> Why doing this test in the while (1) block, it should be done before the >>>> loop... >>>> >>>> Or even in the caller, note net/unix/af_unix.c does this right. >>>> >>>> if (len> SKB_MAX_ALLOC) >>>> data_len = min_t(size_t, >>>> len - SKB_MAX_ALLOC, >>>> MAX_SKB_FRAGS * PAGE_SIZE); >>>> >>>> skb = sock_alloc_send_pskb(sk, len - data_len, data_len, >>>> msg->msg_flags& MSG_DONTWAIT,&err); >>> My impression is that the callers should be fixed to. It makes no sense >>> to penalize the call sites that get this right. >>> >>> And yes, if we do check it in sock_alloc_send_pskb() it should be done >>> at function entry, not inside the loop. >> Sure, so is it ok for me to send a V2 that just do the fixing in >> sock_alloc_sned_pskb() as it's simple and easy to be accepted by >> stable version? >> >> For the fix of callers, I want to post fixes on top as I find >> there's some code duplication of {tun|macvtap|packet}_alloc_skb() >> and I want to unify them to a common helper in sock.c. Then I can >> fix this issue in the new helper. > Are packet sockets really affected? > If yes the only call site that gets this right is unix sockets? Not affected, only code duplication. It's no harm the check the data_len again for packet sockets, so better to unify the code and fix the issue in one place? > >>> -- >>> To unsubscribe from this list: send the line "unsubscribe netdev" in >>> the body of a message to majordomo@...r.kernel.org >>> More majordomo info at http://vger.kernel.org/majordomo-info.html > -- > To unsubscribe from this list: send the line "unsubscribe netdev" in > the body of a message to majordomo@...r.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists