lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 19 Feb 2019 23:15:16 +0900 From: Sergey Senozhatsky <sergey.senozhatsky@...il.com> To: Andy Shevchenko <andy.shevchenko@...il.com> Cc: Sergey Senozhatsky <sergey.senozhatsky@...il.com>, Sergey Senozhatsky <sergey.senozhatsky.work@...il.com>, Petr Mladek <pmladek@...e.com>, Rasmus Villemoes <linux@...musvillemoes.dk>, Linus Torvalds <torvalds@...ux-foundation.org>, "Tobin C . Harding" <me@...in.cc>, Joe Perches <joe@...ches.com>, Andrew Morton <akpm@...ux-foundation.org>, Michal Hocko <mhocko@...e.cz>, Steven Rostedt <rostedt@...dmis.org>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org> Subject: Re: [PATCH v6 8/9] vsprintf: Prevent crash when dereferencing invalid pointers On (02/19/19 15:49), Andy Shevchenko wrote: > > On (02/19/19 13:02), Andy Shevchenko wrote: > > [..] > > > And if it's not? You will get in either case incomplete information, > > > but at least with "(e" (or even "(") you might get a clue that it > > > errornous conditions. > > > > The thing I'm signaling here is that in some cases we still can > > crash the kernel; with the difference that invalid dereference > > can now be a memory corruption. Just saying. > > Wouldn't that mean that the culprit in the caller, not in the callee? > > (As far as I got your another example with badly called sprintf() which may > overwrite stack, etc). ipv4 printout case does not look like a caller bug to me: we expect a 15 bytes ipv4 address, allocate a 16 bytes buffer, sprintf() voluntarily writes 18 bytes. This error reporting is a bit of a dangerous practice; next year someone might add another specifier and another return string(buf, end, "(this data does not look right)", spec); We probably would want to do something about it. For instance, mandating that "(error)" string cannot be larger than 8 bytes can be a good starting point. -ss
Powered by blists - more mailing lists