| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 27 Feb 2013 21:22:17 +0100 From: Daniel Borkmann <dborkman@...hat.com> To: Guenter Roeck <linux@...ck-us.net> CC: netdev@...r.kernel.org, "David S. Miller" <davem@...emloft.net> Subject: Re: [PATCH] net: af_packet: Validate parameter size for PACKET_HDRLEN control message On 02/27/2013 08:46 PM, Guenter Roeck wrote: > Building af_packet may fail with > > In function ‘copy_from_user’, > inlined from ‘packet_getsockopt’ at > net/packet/af_packet.c:3215:21: > arch/x86/include/asm/uaccess_32.h:211:26: error: call to > ‘copy_from_user_overflow’ declared with attribute error: copy_from_user() > buffer size is not provably correct > > if built with W=1 due to a missing parameter size validation. > > Signed-off-by: Guenter Roeck <linux@...ck-us.net> > --- > net/packet/af_packet.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c > index c7bfeff..1976b23 100644 > --- a/net/packet/af_packet.c > +++ b/net/packet/af_packet.c > @@ -3210,6 +3210,8 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, > val = po->tp_version; > break; > case PACKET_HDRLEN: > + if (len < sizeof(int)) > + return -EINVAL; I think this could break some user space applications here, those who e.g. only pass an uint16_t to packet_getsockopt with PACKET_HDRLEN. > if (len > sizeof(int)) > len = sizeof(int); > if (copy_from_user(&val, optval, len)) -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists