Message-Id: <20141119.165557.1477971698958867828.davem@davemloft.net>
Date: Wed, 19 Nov 2014 16:55:57 -0500 (EST)
From: David Miller <davem@...emloft.net>
To: ast@...mgrid.com
Cc: fengguang.wu@...el.com, hannes@...essinduktion.org,
dborkman@...hat.com, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH net-next] bpf: fix arraymap NULL deref and missing
overflow and zero size checks
From: Alexei Starovoitov <ast@...mgrid.com>
Date: Tue, 18 Nov 2014 17:32:16 -0800
> - fix NULL pointer dereference:
> kernel/bpf/arraymap.c:41 array_map_alloc() error: potential null dereference 'array'. (kzalloc returns null)
> kernel/bpf/arraymap.c:41 array_map_alloc() error: we previously assumed 'array' could be null (see line 40)
>
> - integer overflow check was missing in arraymap
> (hashmap checks for overflow via kmalloc_array())
>
> - arraymap can round_up(value_size, 8) to zero. check was missing.
>
> - hashmap was missing zero size check as well, since roundup_pow_of_two() can
> truncate into zero
>
> - found a typo in the arraymap comment and unnecessary empty line
>
> Fix all of these issues and make both overflow checks explicit U32 in size.
>
> Reported-by: kbuild test robot <fengguang.wu@...el.com>
> Signed-off-by: Alexei Starovoitov <ast@...mgrid.com>
> ---
> This silly NULL deref bug and missing overflow check was an oversight when
> I refactored the code from two allocations (kmalloc for struct bpf_array and
> kcalloc for array of elements) in the first implementation of arraymap
> into one allocation which is this code.
Applied, thanks.
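
The size checks listed in the quoted commit message, modelled in userspace C as an added example; this is not the kernel patch, which this page does not show. The names round_up8, roundup_pow2_u32, demo_array and demo_array_alloc are hypothetical stand-ins for round_up(value_size, 8), roundup_pow_of_two() and the arraymap allocation path.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Stand-in for round_up(value_size, 8) on a u32 (assumed name). */
static uint32_t round_up8(uint32_t x) { return (x + 7u) & ~7u; }

/* Stand-in for roundup_pow_of_two() stored back into a u32 (assumed name). */
static uint32_t roundup_pow2_u32(uint32_t n)
{
    uint64_t p = 1;
    while (p < n)
        p <<= 1;
    return (uint32_t)p; /* n > 2^31 yields 2^32, which truncates to 0 */
}

/* Header and elements in one allocation, as the commit message describes. */
struct demo_array {
    uint32_t elem_size;
    uint32_t max_entries;
    unsigned char value[];
};

/* Hypothetical allocator: returns NULL for any size that fails a check. */
static struct demo_array *demo_array_alloc(uint32_t value_size, uint32_t max_entries)
{
    struct demo_array *array;
    uint32_t elem_size;

    if (value_size == 0 || max_entries == 0)
        return NULL;
    elem_size = round_up8(value_size);
    if (elem_size == 0) /* rounding wrapped around to zero */
        return NULL;
    /* header + elem_size * max_entries must fit in 32 bits */
    if (max_entries > (UINT32_MAX - sizeof(*array)) / elem_size)
        return NULL;
    array = calloc(1, sizeof(*array) + (size_t)elem_size * max_entries);
    if (!array) /* test the pointer before the first dereference */
        return NULL;
    array->elem_size = elem_size;
    array->max_entries = max_entries;
    return array;
}

int main(void)
{
    printf("%u %u\n", round_up8(0xFFFFFFF9u), roundup_pow2_u32(0x80000001u));
    return 0;
}
```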