| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 13 Nov 2021 10:26:29 -0800
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Steven Rostedt <rostedt@...dmis.org>
Cc: LKML <linux-kernel@...r.kernel.org>,
Daniel Bristot de Oliveira <bristot@...nel.org>,
Kalesh Singh <kaleshsingh@...gle.com>,
Masami Hiramatsu <mhiramat@...nel.org>,
Ingo Molnar <mingo@...nel.org>,
Andrew Morton <akpm@...ux-foundation.org>
Subject: Re: [GIT PULL] tracing: Three small fixes for 5.16
On Sat, Nov 13, 2021 at 5:35 AM Steven Rostedt <rostedt@...dmis.org> wrote:
>
> - Copy just actual size of histogram strings
I have pulled this, but I think it's wrong. Or at least it looks
_very_ suspicious.
> - strscpy(str, val_str, STR_VAR_LEN_MAX);
> + strscpy(str, val_str, val->size);
So now it doesn't overrun the source string any more, but I don't see
what protects it from not overrunning the destination - which is
indeed STR_VAR_LEN_MAX.
Maybe 'val->size' is guaranteed to be sufficiently limited, but that
sure as hell isn't obvious at least lkocally.
So if I read this all right, if you ever have a FILTER_STATIC_STRING
or a FILTER_PTR_STRING that has a field->size that is larger than
STR_VAR_LEN_MAX, you're now screwed.
Maybe that is unrealistic, and never happens. And yes, STR_VAR_LEN_MAX
is fairly big, but I would personally be happier if these kinds of
things checked BOTH the source limits and the destination limits.
And no, we don't have that kind of string helper. I've talked about
this before: people tend to always think that string copies are about
"either source limit or destination limit", but the fact is, both can
exist.
Linus
Powered by blists - more mailing lists