lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 25 Nov 2011 09:55:50 +0000
From:	Ralf Baechle <ralf@...ux-mips.org>
To:	"David S. Miller" <davem@...emloft.net>
Cc:	netdev@...r.kernel.org, linux-hams@...r.kernel.org,
	Xi Wang <xi.wang@...il.com>, Joerg Reuter <jreuter@...na.de>,
	Alan Cox <alan@...rguk.ukuu.org.uk>,
	Dan Carpenter <dan.carpenter@...cle.com>,
	Walter Harms <wharms@....de>,
	Thomas Osterried <thomas@...erried.de>
Subject: [PATCH 0/4] AX.25 and NET/ROM fixes and improvments.

AX.25 ioctl didn't do sufficient argument checking.  The result of these
overflows is harmless as it will be dealt with further further down in the
stack but an application should get an error code when trying to set
such a bogus value.  To not restrict the more extreme use cases of AX.25
there is no attempt to clamp values to a "sensible" range.

The NET/ROM stack's routing ioctl didn't check the lengths of the mnemonic
string that is being passed as part of the nr_route_struct structure to the
kernel.  In theory this could result in an oops but no memory corruption
but again is fairly harmless because it requires CAP_NET_ADMIN priviledges
which in practice only root has and ax25-tools don't send malformed 
ioctls.

Two further patches simplify the checks at the beginning of nr_rt_ioctl
and do minor reformatting to nr_ioctl.

Patches 1 and 2 are meant for v3.2; 3 and 4 are only cosmetic and thus
are v3.3 material.

Ralf Baechle (4):
  NET: AX.25: Check ioctl arguments to avoid overflows further down the
    road.
  NET: NETROM: When adding a route verify length of mnemonic string.
  NET: NETROM: Cleanup argument SIOCADDRT ioctl argument checking.
  NET: NETROM: Fix formatting.

 net/ax25/af_ax25.c     |   17 +++++++++++------
 net/netrom/af_netrom.c |    3 ++-
 net/netrom/nr_route.c  |   11 +++++++----
 3 files changed, 20 insertions(+), 11 deletions(-)

-- 
1.7.4.4

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ