| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024052458-unleash-atom-489b@gregkh> Date: Fri, 24 May 2024 08:56:50 +0200 From: Greg KH <gregkh@...uxfoundation.org> To: quic_zijuhu <quic_zijuhu@...cinc.com> Cc: rafael@...nel.org, akpm@...ux-foundation.org, dmitry.torokhov@...il.com, linux-kernel@...r.kernel.org, stable@...r.kernel.org Subject: Re: [PATCH] kobject_uevent: Fix OOB access within zap_modalias_env() On Fri, May 24, 2024 at 01:34:49PM +0800, quic_zijuhu wrote: > On 5/24/2024 1:21 PM, Greg KH wrote: > > On Fri, May 24, 2024 at 01:15:01PM +0800, quic_zijuhu wrote: > >> On 5/24/2024 12:33 PM, Greg KH wrote: > >>> On Fri, May 24, 2024 at 12:20:03PM +0800, Zijun Hu wrote: > >>>> zap_modalias_env() wrongly calculates size of memory block > >>>> to move, so maybe cause OOB memory access issue, fixed by > >>>> correcting size to memmove. > >>> > >>> "maybe" or "does"? That's a big difference :) > >>> > >> i found this issue by reading code instead of really meeting this issue. > >> this issue should be prone to happen if there are more than 1 other > >> environment vars. > > > > But does it? Given that we have loads of memory checkers, and I haven't > > ever seen any report of any overrun, it would be nice to be sure. > > > yes. if @env includes env vairable MODALIAS and more than one other env > vairables. then (env->buflen - len) must be greater that actual size of > "target block" shown previously, so the OOB issue must happen. Then why are none of the tools that we have for catching out-of-bound issues triggered here? Are the tools broken or is this really just not ever happening? It would be good to figure that out... thanks, greg k-h
Powered by blists - more mailing lists