lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <DB7PR08MB3082C27A075C410FE339F308F7D60@DB7PR08MB3082.eurprd08.prod.outlook.com>
Date:   Fri, 9 Aug 2019 10:56:04 +0000
From:   "Justin He (Arm Technology China)" <Justin.He@....com>
To:     Andy Shevchenko <andy.shevchenko@...il.com>
CC:     Petr Mladek <pmladek@...e.com>,
        Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
        Sergey Senozhatsky <sergey.senozhatsky@...il.com>,
        Geert Uytterhoeven <geert+renesas@...der.be>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        "Steven Rostedt (VMware)" <rostedt@...dmis.org>,
        "Kees Cook" <keescook@...omium.org>, Shuah Khan <shuah@...nel.org>,
        "Tobin C. Harding" <tobin@...nel.org>
Subject: RE: [PATCH 1/2] vsprintf: Prevent crash when dereferencing invalid
 pointers for %pD



> -----Original Message-----
> From: Andy Shevchenko <andy.shevchenko@...il.com>
> Sent: 2019年8月9日 18:52
> To: Justin He (Arm Technology China) <Justin.He@....com>
> Cc: Petr Mladek <pmladek@...e.com>; Andy Shevchenko
> <andriy.shevchenko@...ux.intel.com>; Sergey Senozhatsky
> <sergey.senozhatsky@...il.com>; Geert Uytterhoeven
> <geert+renesas@...der.be>; Linux Kernel Mailing List <linux-
> kernel@...r.kernel.org>; Thomas Gleixner <tglx@...utronix.de>; Steven
> Rostedt (VMware) <rostedt@...dmis.org>; Kees Cook
> <keescook@...omium.org>; Shuah Khan <shuah@...nel.org>; Tobin C.
> Harding <tobin@...nel.org>
> Subject: Re: [PATCH 1/2] vsprintf: Prevent crash when dereferencing invalid
> pointers for %pD
>
> On Fri, Aug 9, 2019 at 4:28 AM Jia He <justin.he@....com> wrote:
> >
> > Commit 3e5903eb9cff ("vsprintf: Prevent crash when dereferencing
> invalid
> > pointers") prevents most crash except for %pD.
> > There is an additional pointer dereferencing before dentry_name.
> >
> > At least, vma->file can be NULL and be passed to printk %pD in
> > print_bad_pte, which can cause crash.
> >
> > This patch fixes it with introducing a new file_dentry_name.
> >
>
> Reviewed-by: Andy Shevchenko <andy.shevchenko@...il.com>
>
> Perhaps you need to add a Fixes tag
Thanks, Andy
Fixes: 3e5903eb9cff ("vsprintf: Prevent crash when dereferencing invalid pointers")

Need I reposted v2?


--
Cheers,
Justin (Jia He)


>
> > Signed-off-by: Jia He <justin.he@....com>
> > ---
> >  lib/vsprintf.c | 13 ++++++++++---
> >  1 file changed, 10 insertions(+), 3 deletions(-)
> >
> > diff --git a/lib/vsprintf.c b/lib/vsprintf.c
> > index 63937044c57d..b4a119176fdb 100644
> > --- a/lib/vsprintf.c
> > +++ b/lib/vsprintf.c
> > @@ -869,6 +869,15 @@ char *dentry_name(char *buf, char *end, const
> struct dentry *d, struct printf_sp
> >         return widen_string(buf, n, end, spec);
> >  }
> >
> > +static noinline_for_stack
> > +char *file_dentry_name(char *buf, char *end, const struct file *f,
> > +                       struct printf_spec spec, const char *fmt)
> > +{
> > +       if (check_pointer(&buf, end, f, spec))
> > +               return buf;
> > +
> > +       return dentry_name(buf, end, f->f_path.dentry, spec, fmt);
> > +}
> >  #ifdef CONFIG_BLOCK
> >  static noinline_for_stack
> >  char *bdev_name(char *buf, char *end, struct block_device *bdev,
> > @@ -2166,9 +2175,7 @@ char *pointer(const char *fmt, char *buf, char
> *end, void *ptr,
> >         case 'C':
> >                 return clock(buf, end, ptr, spec, fmt);
> >         case 'D':
> > -               return dentry_name(buf, end,
> > -                                  ((const struct file *)ptr)->f_path.dentry,
> > -                                  spec, fmt);
> > +               return file_dentry_name(buf, end, ptr, spec, fmt);
> >  #ifdef CONFIG_BLOCK
> >         case 'g':
> >                 return bdev_name(buf, end, ptr, spec, fmt);
> > --
> > 2.17.1
> >
>
>
> --
> With Best Regards,
> Andy Shevchenko
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ