lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <8781b7c9-65e4-47c1-8f1a-5cbc7a975128@oracle.com>
Date: Thu, 24 Apr 2025 14:15:43 +0530
From: Harshit Mogalapalli <harshit.m.mogalapalli@...cle.com>
To: Dan Carpenter <dan.carpenter@...aro.org>, Simon Horman
 <horms@...nel.org>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: cve@...nel.org, linux-kernel@...r.kernel.org,
        linux-cve-announce@...r.kernel.org,
        Simon Horman
 <simon.horman@...igine.com>,
        Dan Carpenter <error27@...il.com>, netdev@...r.kernel.org
Subject: Re: CVE-2024-49995: tipc: guard against string buffer overrun

Hi,


On 24/04/25 13:47, Dan Carpenter wrote:
> On Thu, Apr 24, 2025 at 11:41:01AM +0530, Harshit Mogalapalli wrote:
...
>>
>> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6555a2a9212be6983d2319d65276484f7c5f431a&context=30
>>
>>
>>   	/* validate component parts of bearer name */
>>   	if ((media_len <= 1) || (media_len > TIPC_MAX_MEDIA_NAME) ||
>>   	    (if_len <= 1) || (if_len > TIPC_MAX_IF_NAME))
>>   		return 0;
>>
>>   	/* return bearer name components, if necessary */
>>   	if (name_parts) {
>> -		strcpy(name_parts->media_name, media_name);
>> -		strcpy(name_parts->if_name, if_name);
>> +		if (strscpy(name_parts->media_name, media_name,
>> +			    TIPC_MAX_MEDIA_NAME) < 0)
>> +			return 0;
>> +		if (strscpy(name_parts->if_name, if_name,
>> +			    TIPC_MAX_IF_NAME) < 0)
>> +			return 0;
>>   	}
>>   	return 1;
>>
>>
>>
>> both media_len and if_len have validation checks above the if(name_parts)
>> check. So I think this patch just silences the static checker warnings.
>>
>> Simon/Dan , could you please help confirming that ?
> 
> Correct.  The "validate component parts of bearer name" checks are
> sufficient.  This will not affect runtime.
> 

Thanks a lot Dan and Simon for confirming this.

Greg: Should we get this CVE-2024-49995 revoked ?


Regards,
Harshit
> regards,
> dan carpenter
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ