lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <202402161343.DC688FDB@keescook>
Date: Fri, 16 Feb 2024 13:45:52 -0800
From: Kees Cook <keescook@...omium.org>
To: "Gustavo A . R . Silva" <gustavoars@...nel.org>
Cc: Nathan Chancellor <nathan@...nel.org>, linux-hardening@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] fortify: Include more details when reporting overflows

On Fri, Feb 16, 2024 at 12:39:41PM -0800, Kees Cook wrote:
> When a memcpy() would exceed the length of an entire structure, no
> detailed WARN would be emitted, making debugging a bit more challenging.
> Similarly, other buffer overflow reports would have no size information
> reported.
>
> Always warn for memcpy() overflows, but distinguish between the two
> cases in the message before continuing (warn-only) or blocking the copy
> (hard-fail). Additionally add size information to existing overflow
> reports.
>
> Signed-off-by: Kees Cook <keescook@...omium.org>

This will need a v2 ... something in my manipulations is triggering a
bizarre warning in Clang:


./fs/dlm/rcom.c:490:13: error: member reference type 'int' is not a pointer
  490 |         memcpy(rc->rc_buf, rc_in->rc_buf, sizeof(struct rcom_lock));
      |                ~~  ^
./include/linux/fortify-string.h:636:47: note: expanded from macro 'memcpy'
  636 | #define memcpy(p, q, s)  __fortify_memcpy_chk(p, q, s,                  \
      |                                               ^
./include/linux/fortify-string.h:591:20: note: expanded from macro '__fortify_memcpy_chk'
  591 |         __underlying_##op(p, q, __fortify_size);                        \
      |                           ^


I'll track it down...

--
Kees Cook

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ