lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <nycvar.YFH.7.76.1807231212190.997@cbobk.fhfr.pm>
Date:   Mon, 23 Jul 2018 12:12:30 +0200 (CEST)
From:   Jiri Kosina <jikos@...nel.org>
To:     Kamalesh Babulal <kamalesh@...ux.vnet.ibm.com>
cc:     Josh Poimboeuf <jpoimboe@...hat.com>,
        Petr Mladek <pmladek@...e.com>,
        Miroslav Benes <mbenes@...e.cz>, live-patching@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] livepatch: Validate module/old func name length

On Fri, 20 Jul 2018, Kamalesh Babulal wrote:

> livepatch module author can pass module name/old function name with more
> than the defined character limit. With obj->name length greater than
> MODULE_NAME_LEN, the livepatch module gets loaded but waits forever on
> the module specified by obj->name to be loaded. It also populates a /sys
> directory with an untruncated object name.
> 
> In the case of funcs->old_name length greater then KSYM_NAME_LEN, it
> would not match against any of the symbol table entries. Instead loop
> through the symbol table comparing them against a nonexisting function,
> which can be avoided.
> 
> The same issues apply, to misspelled/incorrect names. At least gatekeep
> the modules with over the limit string length, by checking for their
> length during livepatch module registration.
> 
> Signed-off-by: Kamalesh Babulal <kamalesh@...ux.vnet.ibm.com>

Applied, thanks.

-- 
Jiri Kosina
SUSE Labs

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ