Date:   Thu, 5 May 2022 09:13:25 +0200
From:   Petr Mladek <pmladek@...e.com>
To:     Tao Lan <taolan@...wei.com>
Cc:     senozhatsky@...omium.org, rostedt@...dmis.org,
        john.ogness@...utronix.de, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] printk: fix kernel msg leakage in syslog_print_all function;

On Thu 2022-05-05 02:52:10, Tao Lan wrote:
> This function applies for memory but does not initialize the memory, and
> then invokes copy_to_user to copy the memory to the user space, which
> causes kernel information leaks.

It should not happen. copy_to_user() is used this way:

		textlen = record_print_text(&r, true, time);

		if (copy_to_user(buf + len, text, textlen))


It means that only @textlen bytes should be copied to the user space.
It is the length of the message read from the log buffer by
record_print_text().


> [ 148.439660] kernel memory leak value 0xffffff80aed972bc at
> 0xffffffd37f00a000 to 0x704b883e74

How did you produce this message, please?

Best Regards,
Petr
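
The bounded-copy argument in the reply above, as an added user-space illustration (not part of the original message and not kernel code): an uninitialized buffer exposes stale bytes only when more than the written length is copied out. The names `fake_record_print_text`, `leaked_bytes`, `BUF_SIZE` and `POISON` are hypothetical, `memcpy` stands in for copy_to_user(), and the message text is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUF_SIZE 1024   /* stand-in for the kernel's text buffer size (assumed) */
#define POISON   0xA5   /* constructed marker for "stale heap contents" */

/* Hypothetical stand-in for record_print_text(): formats one message into
 * text and returns the number of bytes written (excluding the NUL). */
static size_t fake_record_print_text(char *text, size_t size, const char *msg)
{
    int n = snprintf(text, size, "[    0.000000] %s\n", msg);
    return (n < 0) ? 0 : ((size_t)n < size ? (size_t)n : size - 1);
}

/* Count poison bytes that reached the simulated user buffer. */
static size_t count_poison(const unsigned char *p, size_t n)
{
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        if (p[i] == POISON)
            hits++;
    return hits;
}

/* Stale bytes exposed when copy_len bytes are copied; 0 means "use textlen". */
size_t leaked_bytes(const char *msg, size_t copy_len)
{
    unsigned char *text = malloc(BUF_SIZE);   /* like kmalloc(): not zeroed */
    unsigned char user[BUF_SIZE] = {0};       /* simulated user-space buffer */
    size_t textlen, hits;
    if (!text)
        return (size_t)-1;
    memset(text, POISON, BUF_SIZE);           /* simulate leftover heap data */
    textlen = fake_record_print_text((char *)text, BUF_SIZE, msg);
    if (copy_len == 0)
        copy_len = textlen;                   /* the bounded copy from the reply */
    if (copy_len > BUF_SIZE) copy_len = BUF_SIZE;  /* stay inside the allocation */
    memcpy(user, text, copy_len);             /* stand-in for copy_to_user() */
    hits = count_poison(user, copy_len);
    free(text);
    return hits;
}

int main(void)
{
    printf("bounded by textlen: %zu stale bytes\n", leaked_bytes("constructed sample", 0));
    printf("whole buffer:       %zu stale bytes\n", leaked_bytes("constructed sample", BUF_SIZE));
    return 0;
}
```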
