lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20180209122549.GK2197@mtr-leonro.local>
Date:   Fri, 9 Feb 2018 14:25:49 +0200
From:   Leon Romanovsky <leon@...nel.org>
To:     "Gustavo A. R. Silva" <gustavo@...eddedor.com>
Cc:     Doug Ledford <dledford@...hat.com>, Jason Gunthorpe <jgg@...pe.ca>,
        linux-rdma@...r.kernel.org, linux-kernel@...r.kernel.org,
        "Gustavo A. R. Silva" <garsilva@...eddedor.com>
Subject: Re: [PATCH] RDMA/nldev: Fix multiple potential NULL pointer
 dereferences

On Fri, Feb 09, 2018 at 12:37:02AM -0600, Gustavo A. R. Silva wrote:
> In case the message header and payload cannot be stored, function
> nlmsg_put returns null.
>
> Fix this by adding multiple sanity checks and avoid a potential
> null dereference on _nlh_ when calling nlmsg_end.
>
> Addresses-Coverity-ID: 1454215 ("Dereference null return value")
> Addresses-Coverity-ID: 1454223 ("Dereference null return value")
> Addresses-Coverity-ID: 1454224 ("Dereference null return value")
> Addresses-Coverity-ID: 1464669 ("Dereference null return value")
> Addresses-Coverity-ID: 1464670 ("Dereference null return value")
> Addresses-Coverity-ID: 1464672 ("Dereference null return value")
> Fixes: e5c9469efcb1 ("RDMA/netlink: Add nldev device doit implementation")
> Fixes: c3f66f7b0052 ("RDMA/netlink: Implement nldev port doit callback")
> Fixes: 7d02f605f0dc ("RDMA/netlink: Add nldev port dumpit implementation")
> Fixes: b5fa635aab8f ("RDMA/nldev: Provide detailed QP information")
> Fixes: bf3c5a93c523 ("RDMA/nldev: Provide global resource utilization")
> Signed-off-by: Gustavo A. R. Silva <gustavo@...eddedor.com>
> ---
>  drivers/infiniband/core/nldev.c | 26 +++++++++++++++++++++++++-
>  1 file changed, 25 insertions(+), 1 deletion(-)
>

It will be much better to fix the tool instead of fixing ghost case.
This scenario is impossible for all those flows.
We can receive the skv/msg in two ways:
 * First by allocating new message with NLMSG_DEFAULT_SIZE, which has more room
   than nlmsg_total_size(payload), payload is 0.
 * Second by getting from netlink.c and it will be at least "struct nlmsghdr" too.

Can you please add this info to the commit message?

Thanks

Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ