| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20200802165535.GA270694@PWN>
Date: Sun, 2 Aug 2020 12:55:35 -0400
From: Peilin Ye <yepeilin.cs@...il.com>
To: Dan Carpenter <dan.carpenter@...cle.com>
Cc: Arnd Bergmann <arnd@...db.de>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
linux-kernel-mentees@...ts.linuxfoundation.org,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [Linux-kernel-mentees] [PATCH v3] media/v4l2-core: Fix
kernel-infoleak in video_put_user()
On Mon, Jul 27, 2020 at 04:16:08PM +0300, Dan Carpenter wrote:
> kernel/signal.c:3524 __do_sys_rt_sigtimedwait() warn: check that 'info' doesn't leak information (struct has a hole after 'si_code')
> kernel/signal.c:3524 __do_sys_rt_sigtimedwait() warn: check that 'info' doesn't leak information (struct has a hole after 'si_code')
> kernel/signal.c:3556 __do_sys_rt_sigtimedwait_time32() warn: check that 'info' doesn't leak information (struct has a hole after 'si_code')
> kernel/signal.c:3556 __do_sys_rt_sigtimedwait_time32() warn: check that 'info' doesn't leak information (struct has a hole after 'si_code')
I think these are safe. Before getting to copy_siginfo_to_user(), all
`info` run through:
do_sigtimedwait()
V
dequeue_signal()
V
__dequeue_signal()
V
collect_signal()
Where it either gets memcpy()'d by copy_siginfo(), or memset()'d by
clear_siginfo().
The only exception is when next_signal() fails in __dequeue_signal(),
but that will cause do_sigtimedwait() to return an error, and we never
reach copy_siginfo_to_user() in such a case.
Thank you,
Peilin Ye
Powered by blists - more mailing lists