| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <87ftj8k1j9.fsf@x220.int.ebiederm.org>
Date: Thu, 31 Oct 2019 17:12:10 -0500
From: ebiederm@...ssion.com (Eric W. Biederman)
To: Joe Perches <joe@...ches.com>
Cc: Andrea Righi <andrea.righi@...onical.com>,
Dan Carpenter <dan.carpenter@...cle.com>,
Bartlomiej Zolnierkiewicz <b.zolnierkie@...sung.com>,
Daniel Vetter <daniel.vetter@...ll.ch>,
Sam Ravnborg <sam@...nborg.org>,
Maarten Lankhorst <maarten.lankhorst@...ux.intel.com>,
Peter Rosin <peda@...ntia.se>,
Gerd Hoffmann <kraxel@...hat.com>,
dri-devel@...ts.freedesktop.org, linux-fbdev@...r.kernel.org,
linux-kernel@...r.kernel.org, kernel-janitors@...r.kernel.org,
security@...nel.org, Kees Cook <keescook@...omium.org>,
Julia Lawall <Julia.Lawall@...6.fr>
Subject: Re: [PATCH] fbdev: potential information leak in do_fb_ioctl()
Joe Perches <joe@...ches.com> writes:
> On Wed, 2019-10-30 at 21:12 +0100, Andrea Righi wrote:
>> Then memset() + memcpy() is probably the best option,
>> since copying all those fields one by one looks quite ugly to me...
>
> A memset of an automatic before a memcpy to the same
> automatic is unnecessary.
You still need to guarantee that all of the holes in the
structure you are copying are initialized before you copy it.
Otherwise you are just changing which unitialized memory that
is being copied to userspace.
Which is my concern with your very simple suggestion.
Eric
Powered by blists - more mailing lists