| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <202306011331.880AF01743@keescook>
Date: Thu, 1 Jun 2023 13:31:33 -0700
From: Kees Cook <keescook@...omium.org>
To: Palmer Dabbelt <palmer@...belt.com>
Cc: Paul Walmsley <paul.walmsley@...ive.com>, ndesaulniers@...gle.com,
linux-kernel@...r.kernel.org, gustavoars@...nel.org,
linux@...mhuis.info, heiko.stuebner@...ll.eu,
linux-hardening@...r.kernel.org, aou@...s.berkeley.edu,
linux-riscv@...ts.infradead.org, joanbrugueram@...il.com,
masahiroy@...nel.org, Conor Dooley <conor.dooley@...rochip.com>,
ajones@...tanamicro.com, hi@...ssa.is
Subject: Re: [PATCH v2] riscv/purgatory: Do not use fortified string functions
On Thu, Jun 01, 2023 at 01:17:03PM -0700, Palmer Dabbelt wrote:
> On Thu, 01 Jun 2023 11:27:03 PDT (-0700), keescook@...omium.org wrote:
> > On Thu, 1 Jun 2023 09:00:28 -0700, Kees Cook wrote:
> > > With the addition of -fstrict-flex-arrays=3, struct sha256_state's
> > > trailing array is no longer ignored by CONFIG_FORTIFY_SOURCE:
> > >
> > > struct sha256_state {
> > > u32 state[SHA256_DIGEST_SIZE / 4];
> > > u64 count;
> > > u8 buf[SHA256_BLOCK_SIZE];
> > > };
> > >
> > > [...]
> >
> > Applied to for-next/hardening, thanks!
> >
> > [1/1] riscv/purgatory: Do not use fortified string functions
> > https://git.kernel.org/kees/c/ca2ca08f479d
>
> Sorry, I'd just applied this to riscv/fixes as well. I can drop it if you
> want? I was going to send a PR tomorrow, just LMK.
I'm fine either way. I was carrying each arch's fix just since it was
related to the -fstrict-flex-arrays=3 patch in the hardening tree.
--
Kees Cook
Powered by blists - more mailing lists