Date: Tue, 12 Jan 2021 14:24:05 +0800 From: Xiaoming Ni <nixiaoming@...wei.com> To: Andrew Morton <akpm@...ux-foundation.org> CC: <linux-kernel@...r.kernel.org>, <mcgrof@...nel.org>, <keescook@...omium.org>, <yzaikin@...gle.com>, <adobriyan@...il.com>, <linux-fsdevel@...r.kernel.org>, <vbabka@...e.cz>, <mhocko@...e.com>, <andy.shevchenko@...il.com>, <wangle6@...wei.com> Subject: Re: [PATCH v3] proc_sysctl: fix oops caused by incorrect command parameters. On 2021/1/12 12:33, Andrew Morton wrote: > On Tue, 12 Jan 2021 11:31:55 +0800 Xiaoming Ni <nixiaoming@...wei.com> wrote: > >> The process_sysctl_arg() does not check whether val is empty before >> invoking strlen(val). If the command line parameter () is incorrectly >> configured and val is empty, oops is triggered. >> >> --- a/fs/proc/proc_sysctl.c >> +++ b/fs/proc/proc_sysctl.c >> @@ -1770,6 +1770,9 @@ static int process_sysctl_arg(char *param, char *val, >> return 0; >> } >> >> + if (!val) >> + return -EINVAL; >> + > > I think v2 (return 0) was preferable. Because all the other error-out > cases in process_sysctl_arg() also do a `return 0'. https://lore.kernel.org/lkml/bc098af4-c0cd-212e-d09d-46d617d0acab@huawei.com/ patch4: +++ b/fs/proc/proc_sysctl.c @@ -1757,6 +1757,9 @@ static int process_sysctl_arg(char *param, char *val, loff_t pos = 0; ssize_t wret; + if (!val) + return 0; + if (strncmp(param, "sysctl", sizeof("sysctl") - 1) == 0) { param += sizeof("sysctl") - 1; Is this the version you're talking about? > > If we're going to do a separate "patch: make process_sysctl_arg() > return an errno instead of 0" then fine, we can discuss that. But it's > conceptually a different work from fixing this situation. > . > However, are the logs generated by process_sysctl_arg() clearer and more accurate than parse_args()? Should the logs generated by process_sysctl_arg() be deleted? Thanks Xiaoming Ni
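Review bot: In the quoted v3 hunk at `@@ -1770,6 +1770,9 @@`, the new `if (!val) return -EINVAL;` returns an errno directly after a context block that ends in `return 0;`, so this one path reports failure differently from the error-out path visible just above it. Either return 0 here to match, or move the switch to errno returns into a separate patch that converts every exit of process_sysctl_arg() at once. The commit message also leaves the parentheses in "command line parameter ()" empty; it should name the parameter form that reaches this function with val unset, so the oops can be reproduced from the description.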
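Review bot: In the v2 hunk at `@@ -1757,6 +1757,9 @@`, `if (!val) return 0;` sits ahead of the `strncmp(param, "sysctl", sizeof("sysctl") - 1)` prefix test, so it returns silently for every value-less parameter and gives no hint when the parameter really was a sysctl one with its value missing. Consider placing the check after the prefix match, where param is known to be a sysctl argument, and logging the parameter name there (for example with pr_err()) before returning. A one-line comment saying that val is NULL when the parameter carries no value would also explain why the guard has to come before strlen(val).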