| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20190910113521.GA9895@unicorn.suse.cz>
Date: Tue, 10 Sep 2019 13:35:21 +0200
From: Michal Kubecek <mkubecek@...e.cz>
To: Navid Emamdoost <navid.emamdoost@...il.com>
Cc: josef@...icpanda.com, kjlu@....edu, smccaman@....edu,
secalert@...hat.com, emamd001@....edu,
Jens Axboe <axboe@...nel.dk>, linux-block@...r.kernel.org,
nbd@...er.debian.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] nbd_genl_status: null check for nla_nest_start
(Just stumbled upon this patch when link to it came with a CVE bug report.)
On Mon, Jul 29, 2019 at 11:42:26AM -0500, Navid Emamdoost wrote:
> nla_nest_start may fail and return NULL. The check is inserted, and
> errno is selected based on other call sites within the same source code.
> Update: removed extra new line.
>
> Signed-off-by: Navid Emamdoost <navid.emamdoost@...il.com>
> Reviewed-by: Bob Liu <bob.liu@...cle.com>
> ---
> drivers/block/nbd.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c
> index 9bcde2325893..2410812d1e82 100644
> --- a/drivers/block/nbd.c
> +++ b/drivers/block/nbd.c
> @@ -2149,6 +2149,11 @@ static int nbd_genl_status(struct sk_buff *skb, struct genl_info *info)
> }
>
> dev_list = nla_nest_start_noflag(reply, NBD_ATTR_DEVICE_LIST);
> + if (!dev_list) {
> + ret = -EMSGSIZE;
> + goto out;
> + }
> +
> if (index == -1) {
> ret = idr_for_each(&nbd_index_idr, &status_cb, reply);
> if (ret) {
You should also call nlmsg_free(reply) when you bail out so that you
don't introduce a memory leak.
Michal Kubecek
Powered by blists - more mailing lists