lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20150527190626.GC19407@pd.tnic>
Date:	Wed, 27 May 2015 21:06:26 +0200
From:	Borislav Petkov <bp@...en8.de>
To:	Joe Perches <joe@...ches.com>
Cc:	luto@...capital.net, peterz@...radead.org, dvlasenk@...hat.com,
	torvalds@...ux-foundation.org, imammedo@...hat.com,
	brgerst@...il.com, mingo@...nel.org, prarit@...hat.com,
	dave.hansen@...ux.intel.com, fenghua.yu@...el.com, hpa@...or.com,
	linux-kernel@...r.kernel.org, tglx@...utronix.de, bp@...e.de,
	linux-tip-commits@...r.kernel.org
Subject: Re: [tip:x86/cpu] x86/cpu: Strip any /proc/ cpuinfo model name field
 whitespace

On Wed, May 27, 2015 at 10:07:34AM -0700, Joe Perches wrote:
> This code can memmove from beyond the x86_model_id field.

... in the theoretical case where some model ID has more than 64 - 48
preceding white spaces.

I guess we want to be prepared here for insane CPU model IDs coming from
virtualization.

> Maybe:
> 	char *model = strim(c->x86_model_id);
> 	memmove(c->x86_model_id, model, strlen(model) + 1);

Yes, and additionally limit that string length:

---
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index b35c777df6df..9d1fd48486d6 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -383,6 +383,9 @@ static const struct cpu_dev *cpu_devs[X86_VENDOR_NUM] = {};
 static void get_model_name(struct cpuinfo_x86 *c)
 {
 	unsigned int *v;
+	const char *model;
+
+#define MODEL_ID_MAXLEN 48
 
 	if (c->extended_cpuid_level < 0x80000004)
 		return;
@@ -391,13 +394,15 @@ static void get_model_name(struct cpuinfo_x86 *c)
 	cpuid(0x80000002, &v[0], &v[1], &v[2], &v[3]);
 	cpuid(0x80000003, &v[4], &v[5], &v[6], &v[7]);
 	cpuid(0x80000004, &v[8], &v[9], &v[10], &v[11]);
-	c->x86_model_id[48] = 0;
+	c->x86_model_id[MODEL_ID_MAXLEN] = 0;
 
 	/*
 	 * Remove leading whitespace on Intel processors and trailing
 	 * whitespace on AMD processors.
 	 */
-	memmove(c->x86_model_id, strim(c->x86_model_id), 48);
+	model = strim(c->x86_model_id);
+
+	memmove(c->x86_model_id, model, strnlen(model, MODEL_ID_MAXLEN) + 1);
 }
 
 void cpu_detect_cache_sizes(struct cpuinfo_x86 *c)

-- 
Regards/Gruss,
    Boris.

ECO tip #101: Trim your mails when you reply.
--
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ