lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAB9dFdsCnAeitHcNJRY+f8eG=exrgpBZpczfMhHHXLvCR32MaA@mail.gmail.com>
Date:   Mon, 11 Dec 2023 13:37:24 -0400
From:   Marc Dionne <marc.dionne@...istor.com>
To:     David Howells <dhowells@...hat.com>
Cc:     Markus Suvanto <markus.suvanto@...il.com>,
        linux-afs@...ts.infradead.org, keyrings@...r.kernel.org,
        linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 2/3] afs: Fix dynamic root lookup DNS check

On Mon, Dec 11, 2023 at 12:34 PM David Howells <dhowells@...hat.com> wrote:
>
> In the afs dynamic root directory, the ->lookup() function does a DNS check
> on the cell being asked for and if the DNS upcall reports an error it will
> report an error back to userspace (typically ENOENT).
>
> However, if a failed DNS upcall returns a new-style result, it will return
> a valid result, with the status field set appropriately to indicate the
> type of failure - and in that case, dns_query() doesn't return an error and
> we let stat() complete with no error - which can cause confusion in
> userspace as subsequent calls that trigger d_automount then fail with
> ENOENT.
>
> Fix this by checking the status result from a valid dns_query() and
> returning an error if it indicates a failure.
>
> Fixes: bbb4c4323a4d ("dns: Allow the dns resolver to retrieve a server set")
> Reported-by: Markus Suvanto <markus.suvanto@...il.com>
> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=216637
> Signed-off-by: David Howells <dhowells@...hat.com>
> cc: Marc Dionne <marc.dionne@...istor.com>
> cc: linux-afs@...ts.infradead.org
> ---
>  fs/afs/dynroot.c | 18 ++++++++++++++++--
>  1 file changed, 16 insertions(+), 2 deletions(-)
>
> diff --git a/fs/afs/dynroot.c b/fs/afs/dynroot.c
> index 34474a061654..4089d77a7a4d 100644
> --- a/fs/afs/dynroot.c
> +++ b/fs/afs/dynroot.c
> @@ -114,6 +114,7 @@ static int afs_probe_cell_name(struct dentry *dentry)
>         struct afs_net *net = afs_d2net(dentry);
>         const char *name = dentry->d_name.name;
>         size_t len = dentry->d_name.len;
> +       char *result = NULL;
>         int ret;
>
>         /* Names prefixed with a dot are R/W mounts. */
> @@ -131,9 +132,22 @@ static int afs_probe_cell_name(struct dentry *dentry)
>         }
>
>         ret = dns_query(net->net, "afsdb", name, len, "srv=1",
> -                       NULL, NULL, false);
> -       if (ret == -ENODATA || ret == -ENOKEY)
> +                       &result, NULL, false);
> +       if (ret == -ENODATA || ret == -ENOKEY || ret == 0)
>                 ret = -ENOENT;
> +       if (ret >= sizeof(struct dns_server_list_v1_header)) {

This needs an additional ret > 0 check, as the comparison may return
true with a negative ret if it gets promoted to an unsigned.

> +               struct dns_server_list_v1_header *v1 = (void *)result;
> +
> +               if (v1->hdr.zero == 0 &&
> +                   v1->hdr.content == DNS_PAYLOAD_IS_SERVER_LIST &&
> +                   v1->hdr.version == 1 &&
> +                   (v1->status != DNS_LOOKUP_GOOD &&
> +                    v1->status != DNS_LOOKUP_GOOD_WITH_BAD))
> +                       return -ENOENT;
> +
> +       }
> +
> +       kfree(result);
>         return ret;
>  }

Marc

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ