lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-Id: <C6WEQ17CF8QV.HSY7LMEWDFBX@maharaja>
Date:   Fri, 06 Nov 2020 10:54:10 -0800
From:   "Daniel Xu" <dxu@...uu.xyz>
To:     "Alexei Starovoitov" <alexei.starovoitov@...il.com>,
        "kernel test robot" <oliver.sang@...el.com>
Cc:     "bpf" <bpf@...r.kernel.org>, "LKML" <linux-kernel@...r.kernel.org>,
        "Alexei Starovoitov" <ast@...nel.org>,
        "Kernel Team" <kernel-team@...com>, "0day robot" <lkp@...el.com>,
        <lkp@...ts.01.org>
Subject: Re: [lib/strncpy_from_user.c] 00a4ef91e8:
 BUG:KASAN:slab-out-of-bounds_in_s

On Thu Nov 5, 2020 at 8:32 PM PST, Alexei Starovoitov wrote:
> Daniel,
>
> the kasan complains about the previous version of your patch,
> but your v4 version looks equivalent.
> Could you try to repro this issue?
> The code looks correct, but kasan complain is concerning.
>
> On Thu, Nov 5, 2020 at 5:56 PM kernel test robot <oliver.sang@...el.com>
> wrote:
> >
> > Greeting,
> >
> > FYI, we noticed the following commit (built with clang-12):
> >
> > commit: 00a4ef91e8f5af6edceb9bd4bceed2305f038796 ("[PATCH bpf-next] lib/strncpy_from_user.c: Don't overcopy bytes after NUL terminator")
> > url: https://github.com/0day-ci/linux/commits/Daniel-Xu/lib-strncpy_from_user-c-Don-t-overcopy-bytes-after-NUL-terminator/20201104-103306
> > base: https://git.kernel.org/cgit/linux/kernel/git/bpf/bpf-next.git master

[...]

I'll take a look, thanks.

Seems like the original email went into my spam. I'll try to fix my spam
filter.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ