lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <4ce29654-4e1e-4680-9c25-715823ff5e02@p183>
Date:   Thu, 30 Mar 2023 15:10:03 +0300
From:   Alexey Dobriyan <adobriyan@...il.com>
To:     Joe Lawrence <joe.lawrence@...hat.com>
Cc:     live-patching@...r.kernel.org, linux-kernel@...r.kernel.org,
        linux-kbuild@...r.kernel.org, Josh Poimboeuf <jpoimboe@...nel.org>,
        Miroslav Benes <mbenes@...e.cz>,
        Petr Mladek <pmladek@...e.com>,
        Marcos Paulo de Souza <mpdesouza@...e.com>
Subject: Re: [PATCH v7 00/10] livepatch: klp-convert tool

Joe Lawrence wrote:
> +static int update_strtab(struct elf *elf)
> +{
>
> +	buf = malloc(new_size);
> +	if (!buf) {
> +		WARN("malloc failed");
> +		return -1;
> +	}
> +	memcpy(buf, (void *)strtab->data, orig_size);

This code is called realloc(). :-)

> +static int write_file(struct elf *elf, const char *file)
> +{
>
> +	fd = creat(file, 0664);
> +	e = elf_begin(fd, ELF_C_WRITE, NULL);

elf_end() doesn't close descriptor, so there is potentially corrupted
data. There is no unlink() call if writes fail as well.

> +void elf_close(struct elf *elf)
> +{
> +
> +	if (elf->fd > 0)
> +		close(elf->fd);

Techically, it is "fd >= 0".

> +filechk_klp_map = \
> +	echo "klp-convert-symbol-data.0.1";		\
> +	echo "*vmlinux";				\
> +	$(NM) -f posix vmlinux | cut -d\  -f1;		\
> +	sort $(MODORDER) $(MODULES_LIVEPATCH) |		\

This probably should be "LC_ALL=C sort" for speed and reproducibility (?).

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ