| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 18 Oct 2021 11:36:13 -0600
From: Shuah Khan <skhan@...uxfoundation.org>
To: Luis Chamberlain <mcgrof@...nel.org>
Cc: jeyu@...nel.org, linux-kernel@...r.kernel.org,
Shuah Khan <skhan@...uxfoundation.org>
Subject: Re: [PATCH] module: fix validate_section_offset() overflow bug on
64-bit
On 10/15/21 3:14 PM, Luis Chamberlain wrote:
> On Fri, Oct 15, 2021 at 02:57:41PM -0600, Shuah Khan wrote:
>> validate_section_offset() uses unsigned long local variable to
>> add/store shdr->sh_offset and shdr->sh_size on all platforms.
>> unsigned long is too short when sh_offset is Elf64_Off which
>> would be the case on 64bit ELF headers.
>>
>> Fix the overflow problem using the right size local variable when
>> CONFIG_64BIT is defined.
>>
>> Signed-off-by: Shuah Khan <skhan@...uxfoundation.org>
>
> Thanks for doing this! I put this through the 0-day grinder.
>
> In the meantime, since this talks about a fix, can the commit log be a
> bit more descriptive about the impact of not applying the fix? In what
> situation would not having this patch applied create an issue? Is this
> theoretical or can an issue really happen. Has an issue gone
> undiscovered for a while, and if so what could the consequences
> have been all along?
>
I found this when I was adding an error message to print the offset and
size.
> And it would seem this issue was found through code inspection, not
> through a real bug, correct? If this can be clarified on the commit log
> as well that would be great!
>
Sent v2 with updated commit log.
thanks,
-- Shuah
Powered by blists - more mailing lists