| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 21 Mar 2021 18:07:37 -0700
From: Cong Wang <xiyou.wangcong@...il.com>
To: Pavel Machek <pavel@...x.de>
Cc: kernel list <linux-kernel@...r.kernel.org>,
"David S. Miller" <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>,
Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
Andrii Nakryiko <andriin@...com>,
Eric Dumazet <edumazet@...gle.com>,
Wei Wang <weiwan@...gle.com>,
Cong Wang <cong.wang@...edance.com>,
Taehee Yoo <ap420073@...il.com>,
Björn Töpel <bjorn@...nel.org>,
Linux Kernel Network Developers <netdev@...r.kernel.org>
Subject: Re: net/dev: fix information leak to userspace
On Sun, Mar 21, 2021 at 9:34 AM Pavel Machek <pavel@...x.de> wrote:
>
> dev_get_mac_address() does not always initialize whole
> structure. Unfortunately, other code copies such structure to
> userspace, leaking information. Fix it.
Well, most callers already initialize it with a memset() or copy_from_user(),
for example, __tun_chr_ioctl():
if (cmd == TUNSETIFF || cmd == TUNSETQUEUE ||
(_IOC_TYPE(cmd) == SOCK_IOC_TYPE && cmd != SIOCGSKNS)) {
if (copy_from_user(&ifr, argp, ifreq_len))
return -EFAULT;
} else {
memset(&ifr, 0, sizeof(ifr));
}
Except tap_ioctl(), but we can just initialize 'sa' there instead of doing
it in dev_get_mac_address().
Thanks.
Powered by blists - more mailing lists