lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <a6dc78b1-8ae4-4530-acf6-2931e1863e77@embeddedor.com> Date: Mon, 27 Nov 2023 19:33:40 -0600 From: "Gustavo A. R. Silva" <gustavo@...eddedor.com> To: Kees Cook <keescook@...omium.org>, "Gustavo A. R. Silva" <gustavoars@...nel.org> Cc: Joey Gouly <joey.gouly@....com>, "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, Bill Wendling <morbo@...gle.com>, netdev@...r.kernel.org, linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org Subject: Re: [PATCH] neighbour: Fix __randomize_layout crash in struct neighbour On 11/27/23 18:29, Kees Cook wrote: > On Sat, Nov 25, 2023 at 03:33:58PM -0600, Gustavo A. R. Silva wrote: >> Previously, one-element and zero-length arrays were treated as true >> flexible arrays, even though they are actually "fake" flex arrays. >> The __randomize_layout would leave them untouched at the end of the >> struct, similarly to proper C99 flex-array members. >> >> However, this approach changed with commit 1ee60356c2dc ("gcc-plugins: >> randstruct: Only warn about true flexible arrays"). Now, only C99 >> flexible-array members will remain untouched at the end of the struct, >> while one-element and zero-length arrays will be subject to randomization. >> >> Fix a `__randomize_layout` crash in `struct neighbour` by transforming >> zero-length array `primary_key` into a proper C99 flexible-array member. >> >> Fixes: 1ee60356c2dc ("gcc-plugins: randstruct: Only warn about true flexible arrays") >> Closes: https://lore.kernel.org/linux-hardening/20231124102458.GB1503258@e124191.cambridge.arm.com/ >> Signed-off-by: Gustavo A. R. Silva <gustavoars@...nel.org> > > Yes, please. Do we have any other 0-sized arrays hiding out in the > kernel? We need to get these all cleared... I've found 27 instances of zero-length fake-flex arrays in next-20231127. I'll send a patch series to transform all of them. > > Reviewed-by: Kees Cook <keescook@...omium.org> > Thanks! -- Gustavo
Powered by blists - more mailing lists