Date:	Tue, 14 Jul 2015 20:12:28 +0200
From:	David Herrmann <dh.herrmann@...il.com>
To:	linux-kernel@...r.kernel.org
Cc:	Jan Alexander Steffens <jan.steffens@...il.com>,
	gregkh@...uxfoundation.org, daniel@...que.org, tixxdz@...ndz.org,
	David Herrmann <dh.herrmann@...il.com>
Subject: [PATCH] kdbus: properly reset metadata iovecs on multicasts

If a message is sent to multiple destinations, each destination might
request a different set of metadata. Hence, we cannot rely on each one
requesting at least a single bit.

Fix the message exporter to properly reset the metadata iovec on each
emit-iteration. Otherwise, we might end up scanning random heap memory if
a following destination does not request metadata.

Reported-by: Jan Alexander Steffens <jan.steffens@...il.com>
Signed-off-by: David Herrmann <dh.herrmann@...il.com>
---
Hi Greg

One fall-out from the rewrite of the message importer. Reported by Jan. This
fixes some issues with metadata on messages targeted at more than one
destination. Reproducible by running a debug-monitor (which thus gets any
messages, additionally to the normal receiver).

Thanks
David

 ipc/kdbus/message.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/ipc/kdbus/message.c b/ipc/kdbus/message.c
index 64763ea..3520f45 100644
--- a/ipc/kdbus/message.c
+++ b/ipc/kdbus/message.c
@@ -946,6 +946,16 @@ struct kdbus_pool_slice *kdbus_staging_emit(struct kdbus_staging *staging,
 		++v;
 
 		msg_size = KDBUS_ALIGN8(msg_size) + meta_size;
+	} else {
+		/* metadata items */
+		v->iov_len = 0;
+		v->iov_base = (void __user *)zeros;
+		++v;
+
+		/* padding after metadata */
+		v->iov_len = 0;
+		v->iov_base = (void __user *)zeros;
+		++v;
 	}
 
 	/* ... payload iovecs are already filled in ... */
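Review bot: the new else branch hard-codes two zero-length entries ("metadata items" and "padding after metadata") that must stay in lockstep with the number of iovec slots the metadata branch above fills, and nothing in the code or comments ties the two paths together. If the metadata branch ever gains or loses a slot, the payload iovecs that follow will be misaligned for destinations that request no metadata. Consider resetting both slots to `iov_len = 0` / `iov_base = zeros` unconditionally before the conditional and letting the metadata branch overwrite them, or factoring the repeated three-line stanza into a small helper. A one-line comment saying why the reset is needed (the slots are reused on every emit-iteration and may still hold a previous destination's metadata pointers) would also help, since "metadata items" alone does not explain why an empty entry is written.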
-- 
2.4.5
