lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAHTyZGz4T80-gvSaY8hp_bspiL5SVr1mJd7Z1Vv0hVxnvQvkwA@mail.gmail.com>
Date: Tue, 17 Dec 2024 09:03:19 +0100
From: ericnetdev dumazet <erdnetdev@...il.com>
To: Kees Cook <kees@...nel.org>
Cc: Eric Dumazet <edumazet@...gle.com>, "David S. Miller" <davem@...emloft.net>, 
	Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, Ido Schimmel <idosch@...dia.com>, 
	Petr Machata <petrm@...dia.com>, netdev@...r.kernel.org, Simon Horman <horms@...nel.org>, 
	Kuniyuki Iwashima <kuniyu@...zon.com>, linux-kernel@...r.kernel.org, 
	linux-hardening@...r.kernel.org
Subject: Re: [PATCH] rtnetlink: do_setlink: Use true struct sockaddr

Le mar. 17 déc. 2024 à 03:05, Kees Cook <kees@...nel.org> a écrit :
>
> Instead of a heap allocation use a stack allocated struct sockaddr, as
> dev_set_mac_address_user() is the consumer (which uses a classic
> struct sockaddr). Cap the copy to the minimum address size between
> the incoming address and the traditional sa_data field itself.

Not sure what is a 'classic sockaddr'

>
> Putting "sa" on the stack means it will get a reused stack slot since
> it is smaller than other existing single-scope stack variables (like
> the vfinfo array).
>
> Signed-off-by: Kees Cook <kees@...nel.org>
> ---
> Cc: Eric Dumazet <edumazet@...gle.com>
> Cc: "David S. Miller" <davem@...emloft.net>
> Cc: Jakub Kicinski <kuba@...nel.org>
> Cc: Paolo Abeni <pabeni@...hat.com>
> Cc: Ido Schimmel <idosch@...dia.com>
> Cc: Petr Machata <petrm@...dia.com>
> Cc: netdev@...r.kernel.org
> ---
>  net/core/rtnetlink.c | 22 +++++++---------------
>  1 file changed, 7 insertions(+), 15 deletions(-)
>
> diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
> index ab5f201bf0ab..6da0edc0870d 100644
> --- a/net/core/rtnetlink.c
> +++ b/net/core/rtnetlink.c
> @@ -3048,21 +3048,13 @@ static int do_setlink(const struct sk_buff *skb, struct net_device *dev,
>         }
>
>         if (tb[IFLA_ADDRESS]) {
> -               struct sockaddr *sa;
> -               int len;
> -
> -               len = sizeof(sa_family_t) + max_t(size_t, dev->addr_len,
> -                                                 sizeof(*sa));
> -               sa = kmalloc(len, GFP_KERNEL);
> -               if (!sa) {
> -                       err = -ENOMEM;
> -                       goto errout;
> -               }
> -               sa->sa_family = dev->type;
> -               memcpy(sa->sa_data, nla_data(tb[IFLA_ADDRESS]),
> -                      dev->addr_len);
> -               err = dev_set_mac_address_user(dev, sa, extack);
> -               kfree(sa);
> +               struct sockaddr sa = { };
> +
> +               /* dev_set_mac_address_user() uses a true struct sockaddr. */
> +               sa.sa_family = dev->type;
> +               memcpy(sa.sa_data, nla_data(tb[IFLA_ADDRESS]),
> +                      min(dev->addr_len, sizeof(sa.sa_data_min)));
> +               err = dev_set_mac_address_user(dev, &sa, extack);

Have you added debug checks in dev_set_mac_address_user() to make sure
dev->addr_len is always smaller than 14 ?

I think we support devices with bigger addresses.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ