| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 30 Aug 2010 19:50:02 +0200 From: Johannes Berg <johannes@...solutions.net> To: jt@....hp.com Cc: Kees Cook <kees.cook@...onical.com>, linux-kernel@...r.kernel.org, "John W. Linville" <linville@...driver.com>, "David S. Miller" <davem@...emloft.net>, Eric Dumazet <eric.dumazet@...il.com>, Joe Perches <joe@...ches.com>, Tejun Heo <tj@...nel.org>, linux-wireless@...r.kernel.org, netdev@...r.kernel.org Subject: Re: [PATCH] wireless: fix 64K kernel heap content leak via ioctl On Mon, 2010-08-30 at 10:40 -0700, Jean Tourrilhes wrote: > Ha ! I see. It would be for regular iwpoint queries, not for > extended NOMAX queries (scan is a extended NOMAX query). Yeah, that took a while to sink in here too .. > I actually like your patch better than mine, it's closer to > the original intent of the API. Go for it ;-) > Thanks a lot for the second pair of eyes. And thank you for looking over my patch. I guess the real bug is still in cfg80211 there. Initially I considered setting iwp->length to zero, rather than max_tokens. What do you think about doing that? The reason I decided to use max_tokens was that somebody might look at the length value to know how much to copy (which is OK only in NOMAX queries); but that would be a more severe driver bug ... can't really make up my mind. We just copy back zeroes anyway. johannes -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists