lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20191118142120.2cec693d@cakuba.netronome.com>
Date:   Mon, 18 Nov 2019 14:21:20 -0800
From:   Jakub Kicinski <jakub.kicinski@...ronome.com>
To:     Jonathan Toppins <jtoppins@...hat.com>
Cc:     netdev@...r.kernel.org, Ariel Elior <aelior@...vell.com>,
        Sudarsana Kalluru <skalluru@...vell.com>,
        GR-everest-linux-l2@...vell.com,
        "David S. Miller" <davem@...emloft.net>,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH net-next] bnx2x: initialize ethtool info->fw_version
 before use

On Mon, 18 Nov 2019 12:07:53 -0500, Jonathan Toppins wrote:
> If the info->fw_version has garbage in the buffer this can lead to a BUG()
> being generated in strlcat() due to the use of strlen(). Initialize the
> buffer before use.
> 
> The use of a systemtap script can demonstrate the problem by injecting
> garbage into fw_version:


> @@ -1111,6 +1111,8 @@ static void bnx2x_get_drvinfo(struct net_device *dev,
>  	int ext_dev_info_offset;
>  	u32 mbi;
>  
> +	info->fw_version[0] = 0;
> +
>  	strlcpy(info->driver, DRV_MODULE_NAME, sizeof(info->driver));
>  	strlcpy(info->version, DRV_MODULE_VERSION, sizeof(info->version));

I don't know systemtap, so it's very unclear what you're trying to fix
here. Setting random fields of info to 0 seems pointless as the entire
structure is zeroed before the call in ethtool_get_drvinfo().

Please explain.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ