| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 27 Jul 2018 22:43:02 +0000
From: Jeremy Cline <jcline@...hat.com>
To: "David S . Miller" <davem@...emloft.net>
Cc: netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
Josh Poimboeuf <jpoimboe@...hat.com>,
Jeremy Cline <jcline@...hat.com>, stable@...r.kernel.org
Subject: [PATCH 2/2] net: socket: Fix potential spectre v1 gadget in sock_is_registered
'family' can be a user-controlled value, so sanitize it after the bounds
check to avoid speculative out-of-bounds access.
Cc: Josh Poimboeuf <jpoimboe@...hat.com>
Cc: stable@...r.kernel.org
Signed-off-by: Jeremy Cline <jcline@...hat.com>
---
net/socket.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/socket.c b/net/socket.c
index f15d5cbb3ba4..608e29ae6baf 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -2672,7 +2672,8 @@ EXPORT_SYMBOL(sock_unregister);
bool sock_is_registered(int family)
{
- return family < NPROTO && rcu_access_pointer(net_families[family]);
+ return family < NPROTO &&
+ rcu_access_pointer(net_families[array_index_nospec(family, NPROTO)]);
}
static int __init sock_init(void)
--
2.17.1
Powered by blists - more mailing lists