lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <YCo0aAMajx0AG7JM@dhcp22.suse.cz>
Date:   Mon, 15 Feb 2021 09:44:24 +0100
From:   Michal Hocko <mhocko@...e.com>
To:     Ivan Safonov <insafonov@...il.com>
Cc:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Allen Pais <apais@...ux.microsoft.com>,
        Johannes Weiner <hannes@...xchg.org>,
        Waiman Long <longman@...hat.com>,
        Abheek Dhawan <adawesomeguy222@...il.com>,
        devel@...verdev.osuosl.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] staging:wlan-ng: use memdup_user instead of
 kmalloc/copy_from_user

On Sat 13-02-21 15:05:28, Ivan Safonov wrote:
> memdup_user() is shorter and safer equivalent
> of kmalloc/copy_from_user pair.
> 
> Signed-off-by: Ivan Safonov <insafonov@...il.com>
> ---
>  drivers/staging/wlan-ng/p80211netdev.c | 28 ++++++++++++--------------
>  1 file changed, 13 insertions(+), 15 deletions(-)
> 
> diff --git a/drivers/staging/wlan-ng/p80211netdev.c b/drivers/staging/wlan-ng/p80211netdev.c
> index a15abb2c8f54..6f9666dc0277 100644
> --- a/drivers/staging/wlan-ng/p80211netdev.c
> +++ b/drivers/staging/wlan-ng/p80211netdev.c
> @@ -569,24 +569,22 @@ static int p80211knetdev_do_ioctl(struct net_device *dev,
>  		goto bail;
>  	}
>  
> -	/* Allocate a buf of size req->len */
> -	msgbuf = kmalloc(req->len, GFP_KERNEL);
> -	if (msgbuf) {
> -		if (copy_from_user(msgbuf, (void __user *)req->data, req->len))
> -			result = -EFAULT;
> -		else
> -			result = p80211req_dorequest(wlandev, msgbuf);
> +	msgbuf = memdup_user(req->data, req->len);

Move to memdup_user is definitely a right step. What is the range of
req->len though? If this can be larger than PAGE_SIZE then vmemdup_user
would be a better alternative.

-- 
Michal Hocko
SUSE Labs

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ