| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20241031170428.27c1f26a@kernel.org> Date: Thu, 31 Oct 2024 17:04:28 -0700 From: Jakub Kicinski <kuba@...nel.org> To: Breno Leitao <leitao@...ian.org> Cc: Jonathan Corbet <corbet@....net>, Akinobu Mita <akinobu.mita@...il.com>, "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, Paolo Abeni <pabeni@...hat.com>, Andrew Morton <akpm@...ux-foundation.org>, kernel-team@...a.com, Thomas Huth <thuth@...hat.com>, "Paul E. McKenney" <paulmck@...nel.org>, "Borislav Petkov (AMD)" <bp@...en8.de>, Steven Rostedt <rostedt@...dmis.org>, Xiongwei Song <xiongwei.song@...driver.com>, Mina Almasry <almasrymina@...gle.com>, Kuniyuki Iwashima <kuniyu@...zon.com>, Alexander Lobakin <aleksander.lobakin@...el.com>, Oleksij Rempel <o.rempel@...gutronix.de>, "open list:DOCUMENTATION" <linux-doc@...r.kernel.org>, open list <linux-kernel@...r.kernel.org>, "open list:NETWORKING [GENERAL]" <netdev@...r.kernel.org> Subject: Re: [PATCH net-next v4] net: Implement fault injection forcing skb reallocation On Thu, 31 Oct 2024 02:41:18 -0700 Breno Leitao wrote: > > Should we mention here that KASAN or some such is needed to catch > > the bugs? Chances are the resulting UAF will not crash and go unnoticed > > without KASAN. > > What about adding something like this in the fail_skb_realloc section in > the fault-injection.rst file: SG > > the buffer needs to be null terminated, like: > > > > skb_realloc.devname[IFNAMSIZ - 1] = '\0'; > > > > no? > > Yes, but isn't it what the next line do, with strim()? I could be wrong, but looks like first thing strim does is call strlen()
Powered by blists - more mailing lists