| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 09 Nov 2017 03:02:14 +0100
From: Johannes Berg <johannes@...solutions.net>
To: "Jason A. Donenfeld" <Jason@...c4.com>, davem@...emloft.net,
Netdev <netdev@...r.kernel.org>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3] af_netlink: ensure that NLMSG_DONE never fails in
dumps
On Thu, 2017-11-09 at 10:42 +0900, Jason A. Donenfeld wrote:
> +++ b/net/netlink/af_netlink.c
> @@ -2136,7 +2136,7 @@ static int netlink_dump(struct sock *sk)
> struct sk_buff *skb = NULL;
> struct nlmsghdr *nlh;
> struct module *module;
> - int len, err = -ENOBUFS;
> + int err = -ENOBUFS;
> int alloc_min_size;
> int alloc_size;
>
> @@ -2183,9 +2183,10 @@ static int netlink_dump(struct sock *sk)
> skb_reserve(skb, skb_tailroom(skb) - alloc_size);
> netlink_skb_set_owner_r(skb, sk);
>
> - len = cb->dump(skb, cb);
> + if (nlk->dump_done_errno > 0)
> + nlk->dump_done_errno = cb->dump(skb, cb);
>
> - if (len > 0) {
> + if (nlk->dump_done_errno > 0 || skb_tailroom(skb) < nlmsg_total_size(sizeof(nlk->dump_done_errno))) {
> mutex_unlock(nlk->cb_mutex);
nit: I think your line got a little long here :)
> - memcpy(nlmsg_data(nlh), &len, sizeof(len));
> + memcpy(nlmsg_data(nlh), &nlk->dump_done_errno, sizeof(nlk->dump_done_errno));
and here
> + nlk->dump_done_errno = INT_MAX;
I guess positive values aren't really returned from dump?
johannes
Powered by blists - more mailing lists