lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 24 Oct 2022 08:42:57 +0800
From:   Hawkins Jiawei <yin31149@...il.com>
To:     viro@...iv.linux.org.uk, raven@...maw.net
Cc:     18801353760@....com, linux-fsdevel@...r.kernel.org,
        linux-kernel@...r.kernel.org, yin31149@...il.com,
        akpm@...ux-foundation.org, cmaiolino@...hat.com,
        dhowells@...hat.com, hughd@...gle.com, miklos@...redi.hu,
        oliver.sang@...el.com, penguin-kernel@...ove.sakura.ne.jp,
        siddhesh@...plt.org,
        syzbot+db1d2ea936378be0e4ea@...kaller.appspotmail.com,
        syzkaller-bugs@...glegroups.com, tytso@....edu, smfrench@...il.com,
        pc@....nz, lsahlber@...hat.com, sprasad@...rosoft.com,
        tom@...pey.com
Subject: Re: [PATCH -next 0/5] fs: fix possible null-ptr-deref when parsing param

On Mon, 24 Oct 2022 at 00:48, Al Viro <viro@...iv.linux.org.uk> wrote:
>
> On Mon, Oct 24, 2022 at 12:39:41AM +0800, Hawkins Jiawei wrote:
> > According to commit "vfs: parse: deal with zero length string value",
> > kernel will set the param->string to null pointer in vfs_parse_fs_string()
> > if fs string has zero length.
> >
> > Yet the problem is that, when fs parses its mount parameters, it will
> > dereferences the param->string, without checking whether it is a
> > null pointer, which may trigger a null-ptr-deref bug.
> >
> > So this patchset reviews all functions for fs to parse parameters,
> > by using `git grep -n "\.parse_param" fs/*`, and adds sanity check
> > on param->string if its function will dereference param->string
> > without check.
>
> How about reverting the commit in question instead?  Or dropping it
> from patch series, depending upon the way akpm handles the pile
> these days...

I think both are OK.

On one hand, commit "vfs: parse: deal with zero length string value"
seems just want to make output more informattive, which probably is not
the one which must be applied immediately to fix the
panic.

On the other hand, commit "vfs: parse: deal with zero length string value"
affects so many file systems, so there are probably some deeper
null-ptr-deref bugs I ignore, which may take time to review.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ