lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <2025042434-stoic-growl-a7ec@gregkh>
Date: Thu, 24 Apr 2025 15:44:43 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: Harshit Mogalapalli <harshit.m.mogalapalli@...cle.com>
Cc: Dan Carpenter <dan.carpenter@...aro.org>,
	Simon Horman <horms@...nel.org>, cve@...nel.org,
	linux-kernel@...r.kernel.org, linux-cve-announce@...r.kernel.org,
	Simon Horman <simon.horman@...igine.com>,
	Dan Carpenter <error27@...il.com>, netdev@...r.kernel.org
Subject: Re: CVE-2024-49995: tipc: guard against string buffer overrun

On Thu, Apr 24, 2025 at 02:15:43PM +0530, Harshit Mogalapalli wrote:
> Hi,
> 
> 
> On 24/04/25 13:47, Dan Carpenter wrote:
> > On Thu, Apr 24, 2025 at 11:41:01AM +0530, Harshit Mogalapalli wrote:
> ...
> > > 
> > > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6555a2a9212be6983d2319d65276484f7c5f431a&context=30
> > > 
> > > 
> > >   	/* validate component parts of bearer name */
> > >   	if ((media_len <= 1) || (media_len > TIPC_MAX_MEDIA_NAME) ||
> > >   	    (if_len <= 1) || (if_len > TIPC_MAX_IF_NAME))
> > >   		return 0;
> > > 
> > >   	/* return bearer name components, if necessary */
> > >   	if (name_parts) {
> > > -		strcpy(name_parts->media_name, media_name);
> > > -		strcpy(name_parts->if_name, if_name);
> > > +		if (strscpy(name_parts->media_name, media_name,
> > > +			    TIPC_MAX_MEDIA_NAME) < 0)
> > > +			return 0;
> > > +		if (strscpy(name_parts->if_name, if_name,
> > > +			    TIPC_MAX_IF_NAME) < 0)
> > > +			return 0;
> > >   	}
> > >   	return 1;
> > > 
> > > 
> > > 
> > > both media_len and if_len have validation checks above the if(name_parts)
> > > check. So I think this patch just silences the static checker warnings.
> > > 
> > > Simon/Dan , could you please help confirming that ?
> > 
> > Correct.  The "validate component parts of bearer name" checks are
> > sufficient.  This will not affect runtime.
> > 
> 
> Thanks a lot Dan and Simon for confirming this.
> 
> Greg: Should we get this CVE-2024-49995 revoked ?

Yup, now rejected, thanks for the review!

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ