lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAG_fn=UHjDv=Jc_nEKKknVGrr9CC4rZ+a+hw_yAL-j4y4=89cg@mail.gmail.com>
Date:   Thu, 16 May 2019 15:19:48 +0200
From:   Alexander Potapenko <glider@...gle.com>
To:     Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>
Cc:     syzbot <syzbot+1018d578c410f9f37261@...kaller.appspotmail.com>,
        James Morris <jmorris@...ei.org>,
        LKML <linux-kernel@...r.kernel.org>,
        linux-security-module <linux-security-module@...r.kernel.org>,
        "Serge E. Hallyn" <serge@...lyn.com>,
        syzkaller-bugs <syzkaller-bugs@...glegroups.com>,
        takedakn@...data.co.jp
Subject: Re: KMSAN: uninit-value in tomoyo_check_inet_address

From: Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>
Date: Thu, May 16, 2019 at 3:13 PM
To: syzbot
Cc: <glider@...gle.com>, <jmorris@...ei.org>,
<linux-kernel@...r.kernel.org>,
<linux-security-module@...r.kernel.org>, <serge@...lyn.com>,
<syzkaller-bugs@...glegroups.com>, <takedakn@...data.co.jp>

> On 2019/05/16 21:58, syzbot wrote:
> > Hello,
> >
> > syzbot found the following crash on:
> >
> > HEAD commit:    3b955a40 usb-fuzzer: main usb gadget fuzzer driver
> > git tree:       kmsan
> > console output: https://syzkaller.appspot.com/x/log.txt?x=1027e608a00000
> > kernel config:  https://syzkaller.appspot.com/x/.config?x=602468164ccdc30a
> > dashboard link: https://syzkaller.appspot.com/bug?extid=1018d578c410f9f37261
> > compiler:       clang version 9.0.0 (/home/glider/llvm/clang 06d00afa61eef8f7f501ebdb4e8612ea43ec2d78)
> >
> > Unfortunately, I don't have any reproducer for this crash yet.
>
> This should be already fixed in linux.git.
>
> #syz fix: tomoyo: Check address length before reading address family
>
> commit e6193f78bb689f3f424559bb45f4a091c8b314df
> Author: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
> Date:   Fri Apr 12 19:59:36 2019 +0900
>
>     tomoyo: Check address length before reading address family
>
>     KMSAN will complain if valid address length passed to bind()/connect()/
>     sendmsg() is shorter than sizeof("struct sockaddr"->sa_family) bytes.
>
>     Signed-off-by: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
>     Signed-off-by: James Morris <jamorris@...ux.microsoft.com>
Apparently the fix didn't make it to 5.1, I'll cherry-pick it to KMSAN tree.
OOC, how did you know about this bug?
> --
> You received this message because you are subscribed to the Google Groups "syzkaller-bugs" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller-bugs+unsubscribe@...glegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/syzkaller-bugs/2b0b9d18-6773-f2dc-ecb2-9f8782d0962a%40i-love.sakura.ne.jp.
> For more options, visit https://groups.google.com/d/optout.



-- 
Alexander Potapenko
Software Engineer

Google Germany GmbH
Erika-Mann-Straße, 33
80636 München

Geschäftsführer: Paul Manicle, Halimah DeLaine Prado
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ