lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sun, 2 Aug 2020 12:55:35 -0400 From: Peilin Ye <yepeilin.cs@...il.com> To: Dan Carpenter <dan.carpenter@...cle.com> Cc: Arnd Bergmann <arnd@...db.de>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>, linux-kernel-mentees@...ts.linuxfoundation.org, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org> Subject: Re: [Linux-kernel-mentees] [PATCH v3] media/v4l2-core: Fix kernel-infoleak in video_put_user() On Mon, Jul 27, 2020 at 04:16:08PM +0300, Dan Carpenter wrote: > kernel/signal.c:3524 __do_sys_rt_sigtimedwait() warn: check that 'info' doesn't leak information (struct has a hole after 'si_code') > kernel/signal.c:3524 __do_sys_rt_sigtimedwait() warn: check that 'info' doesn't leak information (struct has a hole after 'si_code') > kernel/signal.c:3556 __do_sys_rt_sigtimedwait_time32() warn: check that 'info' doesn't leak information (struct has a hole after 'si_code') > kernel/signal.c:3556 __do_sys_rt_sigtimedwait_time32() warn: check that 'info' doesn't leak information (struct has a hole after 'si_code') I think these are safe. Before getting to copy_siginfo_to_user(), all `info` run through: do_sigtimedwait() V dequeue_signal() V __dequeue_signal() V collect_signal() Where it either gets memcpy()'d by copy_siginfo(), or memset()'d by clear_siginfo(). The only exception is when next_signal() fails in __dequeue_signal(), but that will cause do_sigtimedwait() to return an error, and we never reach copy_siginfo_to_user() in such a case. Thank you, Peilin Ye
Powered by blists - more mailing lists