lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <bf27a7bf-04ce-4720-a13c-f19e0069541a@embeddedor.com>
Date: Mon, 28 Oct 2024 16:54:43 -0600
From: "Gustavo A. R. Silva" <gustavo@...eddedor.com>
To: vvvvvv@...gle.com, Johannes Berg <johannes@...solutions.net>,
 Kees Cook <kees@...nel.org>, "Gustavo A. R. Silva" <gustavoars@...nel.org>
Cc: linux-wireless@...r.kernel.org, linux-kernel@...r.kernel.org,
 linux-hardening@...r.kernel.org
Subject: Re: [PATCH] wifi: nl80211: fix bounds checker error in
 nl80211_parse_sched_scan



On 28/10/24 16:18, Aleksei Vetrov via B4 Relay wrote:
> From: Aleksei Vetrov <vvvvvv@...gle.com>
> 
> The channels array in the cfg80211_scan_request has a __counted_by
> attribute attached to it, which points to the n_channels variable. This
> attribute is used in bounds checking, and if it is not set before the
> array is filled, then the bounds sanitizer will issue a warning or a
> kernel panic if CONFIG_UBSAN_TRAP is set.
> 
> This patch sets the size of allocated memory as the initial value for
> n_channels. It is updated with the actual number of added elements after
> the array is filled.
> 

This should include the following tag (and probably CC stable):

Fixes: aa4ec06c455d ("wifi: cfg80211: use __counted_by where appropriate")

Thanks
--
Gustavo

> Signed-off-by: Aleksei Vetrov <vvvvvv@...gle.com>
> ---
>   net/wireless/nl80211.c | 1 +
>   1 file changed, 1 insertion(+)
> 
> diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
> index d7d099f7118ab5d5c745905abdea85d246c2b7b2..9b1b9dc5a7eb2a864da7b0212bc6a156b7757a9d 100644
> --- a/net/wireless/nl80211.c
> +++ b/net/wireless/nl80211.c
> @@ -9776,6 +9776,7 @@ nl80211_parse_sched_scan(struct wiphy *wiphy, struct wireless_dev *wdev,
>   	request = kzalloc(size, GFP_KERNEL);
>   	if (!request)
>   		return ERR_PTR(-ENOMEM);
> +	request->n_channels = n_channels;
>   
>   	if (n_ssids)
>   		request->ssids = (void *)request +
> 
> ---
> base-commit: 81983758430957d9a5cb3333fe324fd70cf63e7e
> change-id: 20241028-nl80211_parse_sched_scan-bounds-checker-fix-c5842f41b863
> 
> Best regards,

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ