| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <8e34d30364b9306465a72c283ff59f453f8ea232.camel@perches.com>
Date: Mon, 28 Oct 2019 01:08:24 -0700
From: Joe Perches <joe@...ches.com>
To: Dan Carpenter <dan.carpenter@...cle.com>
Cc: Andrew Morton <akpm@...ux-foundation.org>,
LKML <linux-kernel@...r.kernel.org>,
Dan Carpenter <error27@...il.com>,
Julia Lawall <julia.lawall@...6.fr>,
Thomas Gleixner <tglx@...utronix.de>
Subject: Re: [PATCH] kernel: sys.c: Avoid copying possible padding bytes in
copy_to_user
On Mon, 2019-10-28 at 10:18 +0300, Dan Carpenter wrote:
> On Sat, Oct 26, 2019 at 12:46:08PM -0700, Joe Perches wrote:
> > Initialization is not guaranteed to zero padding bytes so
> > use an explicit memset instead to avoid leaking any kernel
> > content in any possible padding bytes.
[]
> > diff --git a/kernel/sys.c b/kernel/sys.c
[]
> > @@ -1279,11 +1279,13 @@ SYSCALL_DEFINE1(uname, struct old_utsname __user *, name)
> >
> > SYSCALL_DEFINE1(olduname, struct oldold_utsname __user *, name)
> > {
> > - struct oldold_utsname tmp = {};
> > + struct oldold_utsname tmp;
>
> oldold_utsname doesn't have an struct holes. It looks like this:
It's not struct holes that could be a problem.
It's possible struct padding after the last element.
> struct oldold_utsname {
> char sysname[9];
> char nodename[9];
> char release[9];
> char version[9];
> char machine[9];
> };
Nominally 45 bytes.
A compiler _could_ pad to 48 for arbitrary alignment.
gcc does not pad and the struct size actually is 45
so for gcc (and I did not check clang), it's not a
real problem.
The patch still is a possible trivial improvement as
the memset is not done when name is NULL.
Powered by blists - more mailing lists