Date: Thu, 30 May 2019 08:48:48 +0200
From: Michal Kubecek <mkubecek@...e.cz>
To: netdev@...r.kernel.org
Cc: David Miller <davem@...emloft.net>, vivien.didelot@...il.com,
 linux-kernel@...r.kernel.org, kernel@...oirfairelinux.com,
 linville@...hat.com, f.fainelli@...il.com
Subject: Re: [PATCH net-next] ethtool: copy reglen to userspace

On Wed, May 29, 2019 at 10:17:44PM -0700, David Miller wrote:
> From: Vivien Didelot <vivien.didelot@...il.com>
> Date: Tue, 28 May 2019 16:58:48 -0400
>
> > ethtool_get_regs() allocates a buffer of size reglen obtained from
> > ops->get_regs_len(), thus only this value must be used when copying
> > the buffer back to userspace. Also no need to check regbuf twice.
> >
> > Signed-off-by: Vivien Didelot <vivien.didelot@...il.com>
>
> Hmmm, can't regs.len be modified by the driver potentially?

The driver certainly shouldn't raise it as that could result in kernel
writing past the buffer provided by userspace. (I'll check some drivers
to see if they truncate the dump or return an error if regs.len from
userspace is insufficient.) And lowering it would be also wrong as that
would mean dump would be shorter than what ops->get_regs_len() returned.

Michal Kubecek
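The length concern raised in the reply above, as an added userspace model that is not part of the original message and is not kernel code: a copy-out routine fixes the length before calling a driver-style callback and refuses to copy if the callback raised or lowered it. All names (`regs_hdr`, `dump_regs`, the `drv_*` callbacks) are hypothetical and the callbacks are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Userspace model only; every name here is hypothetical, not kernel code. */
struct regs_hdr { uint32_t len; };   /* stands in for regs.len */
typedef void (*get_regs_fn)(struct regs_hdr *h, uint8_t *buf, size_t reglen);

/* Constructed "drivers": one leaves len alone, one raises it, one lowers it. */
static void drv_keep(struct regs_hdr *h, uint8_t *b, size_t n)
{ (void)h; memset(b, 0xAA, n); }
static void drv_raise(struct regs_hdr *h, uint8_t *b, size_t n)
{ memset(b, 0xAA, n); h->len = (uint32_t)n * 4; }
static void drv_lower(struct regs_hdr *h, uint8_t *b, size_t n)
{ memset(b, 0xAA, n); h->len = 1; }

/* Copies the dump into user_buf (capacity user_len). Returns the number of
 * bytes copied, or -1 if the callback changed the agreed length. */
long dump_regs(get_regs_fn drv, size_t reglen, uint8_t *user_buf, uint32_t user_len)
{
    struct regs_hdr hdr = { user_len };
    if (hdr.len > reglen)
        hdr.len = (uint32_t)reglen;      /* never copy more than was allocated */
    uint32_t agreed = hdr.len;           /* fits both buffers by construction */

    uint8_t *regbuf = calloc(1, reglen);
    if (!regbuf)
        return -1;
    drv(&hdr, regbuf, reglen);           /* callback may scribble on hdr.len */

    long copied = -1;
    if (hdr.len == agreed) {             /* reject both raising and lowering */
        memcpy(user_buf, regbuf, agreed);
        copied = (long)agreed;
    }
    free(regbuf);
    return copied;
}

int main(void)
{
    uint8_t user[16];
    printf("keep:  %ld\n", dump_regs(drv_keep, 32, user, sizeof(user)));
    printf("raise: %ld\n", dump_regs(drv_raise, 32, user, sizeof(user)));
    printf("lower: %ld\n", dump_regs(drv_lower, 32, user, sizeof(user)));
    return 0;
}
```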