| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20120301131356.GS1003@mwanda>
Date: Thu, 1 Mar 2012 16:13:56 +0300
From: Dan Carpenter <dan.carpenter@...cle.com>
To: Pablo Neira Ayuso <pablo@...filter.org>
Cc: santosh nayak <santoshprasadnayak@...il.com>,
bart.de.schuymer@...dora.be, kaber@...sh.net,
shemminger@...tta.com, davem@...emloft.net,
netfilter-devel@...r.kernel.org, netfilter@...r.kernel.org,
coreteam@...filter.org, bridge@...ts.linux-foundation.org,
netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
kernel-janitors@...r.kernel.org
Subject: Re: [PATCH 1/3] netfilter: Fix copy_to_user too small size parametre.
On Thu, Mar 01, 2012 at 02:06:37PM +0100, Pablo Neira Ayuso wrote:
> > Where do we clear "m"?
> >
> > include/linux/netfilter/x_tables.h
> > 287 struct xt_match {
> > 288 struct list_head list;
> > 289
> > 290 const char name[XT_EXTENSION_MAXNAMELEN];
> > 291 u_int8_t revision;
> > 292
> >
> > There is a 2 byte holes here between "revision" and "match()". We
> > copy three bytes past the end of name, so we include revision and
> > the hole.
> >
> > But maybe we memset it somewhere? I'm not sure.
>
> xt_match instances are declared as static for each module so it's
> allocated in the BSS (already zeroed), is that what you mean?
>
Yeah. I didn't know how that worked. Thanks.
regards,
dan carpenter
Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)
Powered by blists - more mailing lists