| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 23 Aug 2020 11:04:34 +0800
From: richard clark <richard.xnu.clark@...il.com>
To: linux-kernel@...r.kernel.org
Cc: andreyknvl@...gle.com
Subject: Why KASAN doesn't detect this stack oob fault?
Hi guys,
I ins a kmod with below code in a KASAN enabled kernel (
5.7.0,
CONFIG_KASAN=y
CONFIG_KASAN_GENERIC=y
CONFIG_KASAN_OUTLINE=y):
static int kmod_init(void)
{
int i;
int arr[4];
for (i = 0; i < 20; i++) {
arr[i] = i;
printk("arr[%d] = %d\n", i, arr[i]);
}
return 0;
}
The output is after insmod:
[ 1511.800683] arr[0] = 0
[ 1511.800685] arr[1] = 1
[ 1511.800686] arr[2] = 2
[ 1511.800687] arr[3] = 3
[ 1511.800688] arr[4] = 4
[ 1511.800690] arr[5] = 5
[ 1511.800691] arr[6] = 6
[ 1511.800692] arr[7] = 7
[ 1511.800693] arr[8] = 8
[ 1511.800694] arr[9] = 9
[ 1511.800695] arr[10] = 10
[ 1511.800696] arr[11] = 11
[ 1511.800697] arr[12] = 12
[ 1511.800699] arr[13] = 13
[ 1511.800700] arr[14] = 14
[ 1511.800701] arr[15] = 15
[ 1511.800702] arr[16] = 16
[ 1511.800704] arr[17] = 17
[ 1511.800705] arr[18] = 18
[ 1511.800706] arr[19] = 19
The kernel is not tainted and the gcc version is 7.5 used to build the kernel.
The question is:
1. Why the stack out-of-bound can work?
2. Why the KASAN doesn't detect this?
Powered by blists - more mailing lists