| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CADvbK_eVRCdMjF7s-dAm=6rVHhwkEEis62VWtsjmJagZp15HZQ@mail.gmail.com>
Date: Thu, 18 Jan 2018 01:10:46 +0800
From: Xin Long <lucien.xin@...il.com>
To: David Ahern <dsahern@...il.com>
Cc: syzbot <syzbot+03bee3680a37466775e7@...kaller.appspotmail.com>,
Jason@...c4.com, Andrey Vagin <avagin@...nvz.org>,
davem <davem@...emloft.net>, David Windsor <dwindsor@...il.com>,
elena.reshetova@...el.com,
Herbert Xu <herbert@...dor.apana.org.au>,
johannes.berg@...el.com, LKML <linux-kernel@...r.kernel.org>,
network dev <netdev@...r.kernel.org>,
syzkaller-bugs@...glegroups.com,
Américo Wang <xiyou.wangcong@...il.com>
Subject: Re: KASAN: stack-out-of-bounds Read in __nla_put
On Thu, Jan 18, 2018 at 12:59 AM, David Ahern <dsahern@...il.com> wrote:
> On 1/17/18 2:39 AM, Xin Long wrote:
>> I guess you need to move up your memset(0) a little bit:
>>
>> @@ -2427,6 +2443,7 @@ int netlink_rcv_skb(struct sk_buff *skb, int
>> (*cb)(struct sk_buff *,
>> nlh = nlmsg_hdr(skb);
>> err = 0;
>>
>> + memset(&extack, 0, sizeof(extack));
>> if (nlh->nlmsg_len < NLMSG_HDRLEN || skb->len < nlh->nlmsg_len)
>> return 0;
>>
>> @@ -2438,7 +2455,6 @@ int netlink_rcv_skb(struct sk_buff *skb, int
>> (*cb)(struct sk_buff *,
>> if (nlh->nlmsg_type < NLMSG_MIN_TYPE)
>> goto ack;
>>
>> - memset(&extack, 0, sizeof(extack));
>> err = cb(skb, nlh, &extack);
>>
>> So that 'goto ack's won't skip it. :-)
>>
>
> you are correct. Can you submit a patch to do that?
>
sure, if you wish.
Powered by blists - more mailing lists