lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <6b369f5c-6a9d-febf-81fe-2e1a4b408814@suse.cz>
Date:	Thu, 4 Aug 2016 15:31:01 +0200
From:	Vlastimil Babka <vbabka@...e.cz>
To:	Nicholas Krause <xerofoify@...il.com>, viro@...iv.linux.org.uk
Cc:	akpm@...ux-foundation.org, msalter@...hat.com,
	kuleshovmail@...il.com, david.vrabel@...rix.com,
	ard.biesheuvel@...aro.org, jgross@...e.com,
	linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
	linux-mm@...ck.org
Subject: Re: [PATCH] fs:Fix kmemleak leak warning in getname_flags about
 working on unitialized memory

On 08/03/2016 11:48 PM, Nicholas Krause wrote:
> This fixes a kmemleak leak warning complaining about working on
> unitializied memory as found in the function, getname_flages. Seems

What exactly is the kmemleak warning saying?

> that we are indeed working on unitialized memory, as the filename
> char pointer is never made to point to the filname structure's result
> member for holding it's name, fix this by using memcpy to copy the
> filname structure pointer's, name to the char pointer passed to this
> function.

I don't understand what you're saying here. "the char pointer passed to
this function" is the source, not destination.

> Signed-off-by: Nicholas Krause <xerofoify@...il.com>
> ---
>  fs/namei.c         | 1 +
>  mm/early_ioremap.c | 1 +
>  2 files changed, 2 insertions(+)
> 
> diff --git a/fs/namei.c b/fs/namei.c
> index c386a32..6b18d57 100644
> --- a/fs/namei.c
> +++ b/fs/namei.c
> @@ -196,6 +196,7 @@ getname_flags(const char __user *filename, int flags, int *empty)
>  		}
>  	}
>  
> +	memcpy((char *)result->name, filename, len);

This will be wrong even with strncpy_from_user instead of memcpy. AFAICS
result->name already points to a copy of filename.
Also if you think that the above is "copy[ing] the filname structure
pointer's, name to the char pointer passed to this function" then you
are wrong.

>  	result->uptr = filename;
>  	result->aname = NULL;
>  	audit_getname(result);
> diff --git a/mm/early_ioremap.c b/mm/early_ioremap.c
> index 6d5717b..92c5235 100644
> --- a/mm/early_ioremap.c
> +++ b/mm/early_ioremap.c
> @@ -215,6 +215,7 @@ early_ioremap(resource_size_t phys_addr, unsigned long size)
>  void __init *
>  early_memremap(resource_size_t phys_addr, unsigned long size)
>  {
> +	dump_stack();
>  	return (__force void *)__early_ioremap(phys_addr, size,
>  					       FIXMAP_PAGE_NORMAL);
>  }
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ