lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20090902233410.19f0705b@nehalam>
Date:	Wed, 2 Sep 2009 23:34:10 -0700
From:	Stephen Hemminger <shemminger@...tta.com>
To:	David Miller <davem@...emloft.net>
Cc:	eric.dumazet@...il.com, netdev@...r.kernel.org
Subject: Re: [PATCH] tc: Fix unitialized kernel memory leak

On Wed, 02 Sep 2009 22:51:08 -0700 (PDT)
David Miller <davem@...emloft.net> wrote:

> From: Stephen Hemminger <shemminger@...tta.com>
> Date: Wed, 2 Sep 2009 12:05:40 -0700
> 
> > On Wed, 02 Sep 2009 14:40:09 +0200
> > Eric Dumazet <eric.dumazet@...il.com> wrote:
> > 
> >> Three bytes of uninitialized kernel memory are currently leaked to user
> >> 
> >> Signed-off-by: Eric Dumazet <eric.dumazet@...il.com>
> >> ---
> >> diff --git a/net/sched/sch_api.c b/net/sched/sch_api.c
> >> index 24d17ce..fdb694e 100644
> >> --- a/net/sched/sch_api.c
> >> +++ b/net/sched/sch_api.c
> >> @@ -1456,6 +1456,8 @@ static int tc_fill_tclass(struct sk_buff *skb, struct Qdisc *q,
> >>  	nlh = NLMSG_NEW(skb, pid, seq, event, sizeof(*tcm), flags);
> >>  	tcm = NLMSG_DATA(nlh);
> >>  	tcm->tcm_family = AF_UNSPEC;
> >> +	tcm->tcm__pad1 = 0;
> >> +	tcm->tcm__pad2 = 0;
> >>  	tcm->tcm_ifindex = qdisc_dev(q)->ifindex;
> >>  	tcm->tcm_parent = q->handle;
> >>  	tcm->tcm_handle = q->handle;
> > 
> > Perhaps __nlmsg_put should just always call memset() for the whole
> > added chunk. It is not like it is critical path in any way, and
> > avoid any of this possible class of errors.
> 
> Doing it in __nlmsg_put would effect a lot of code paths.  I don't
> think you can say with certainty that it won't matter, tree wide.
> 
> What about things like the netfilter conntrack event monitor?  Doesn't
> that emit hundreds of thousands of events per second on a busy
> firewall?

I doubt it would make a noticeable performance difference because
the first memset would incur the cache penalty of the write (if any)
and later update of fields would be cached.

-- 
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ