| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 14 Jul 2021 18:34:15 -0700
From: Alexei Starovoitov <alexei.starovoitov@...il.com>
To: Song Liu <song@...nel.org>
Cc: He Fengqing <hefengqing@...wei.com>,
Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
Andrii Nakryiko <andrii@...nel.org>,
Martin KaFai Lau <kafai@...com>,
Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>,
John Fastabend <john.fastabend@...il.com>,
KP Singh <kpsingh@...nel.org>,
"David S . Miller" <davem@...emloft.net>,
Networking <netdev@...r.kernel.org>, bpf <bpf@...r.kernel.org>,
open list <linux-kernel@...r.kernel.org>
Subject: Re: [bpf-next, v2] bpf: verifier: Fix potential memleak and UAF in
bpf verifier
On Wed, Jul 14, 2021 at 5:54 PM Song Liu <song@...nel.org> wrote:
> > - return 0;
> > + return;
> No need to say return here.
>
> > }
> >
> > static void adjust_subprog_starts(struct bpf_verifier_env *env, u32 off, u32 len)
> > @@ -11492,6 +11490,14 @@ static struct bpf_prog *bpf_patch_insn_data(struct bpf_verifier_env *env, u32 of
> > const struct bpf_insn *patch, u32 len)
> > {
> > struct bpf_prog *new_prog;
> > + struct bpf_insn_aux_data *new_data = NULL;
> > +
> > + if (len > 1) {
> > + new_data = vzalloc(array_size(env->prog->len + len - 1,
> > + sizeof(struct bpf_insn_aux_data)));
> > + if (!new_data)
> > + return NULL;
I removed the redundant 'return' that Song pointed out and the
redundant 'if' above.
And applied to bpf-next.
Though it's a fix, I think it's ok to go via bpf-next, since even
syzbot didn't find it.
Powered by blists - more mailing lists