[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20130227204336.GC7993@hmsreliant.think-freely.org>
Date: Wed, 27 Feb 2013 15:43:36 -0500
From: Neil Horman <nhorman@...driver.com>
To: Guenter Roeck <linux@...ck-us.net>
Cc: netdev@...r.kernel.org, linux-sctp@...r.kernel.org,
Vlad Yasevich <vyasevich@...il.com>,
Sridhar Samudrala <sri@...ibm.com>,
"David S. Miller" <davem@...emloft.net>
Subject: Re: [PATCH] net/sctp: Validate parameter size for
SCTP_GET_ASSOC_STATS control message
On Wed, Feb 27, 2013 at 12:22:55PM -0800, Guenter Roeck wrote:
> On Wed, Feb 27, 2013 at 03:09:31PM -0500, Neil Horman wrote:
> > On Wed, Feb 27, 2013 at 11:43:51AM -0800, Guenter Roeck wrote:
> > > Building sctp may fail with:
> > >
> > > In function ‘copy_from_user’,
> > > inlined from ‘sctp_getsockopt_assoc_stats’ at
> > > net/sctp/socket.c:5656:20:
> > > arch/x86/include/asm/uaccess_32.h:211:26: error: call to
> > > ‘copy_from_user_overflow’ declared with attribute error: copy_from_user()
> > > buffer size is not provably correct
> > >
> > > if built with W=1 due to a missing parameter size validation.
> > >
> > > Signed-off-by: Guenter Roeck <linux@...ck-us.net>
> > > ---
> > > net/sctp/socket.c | 2 ++
> > > 1 file changed, 2 insertions(+)
> > >
> > > diff --git a/net/sctp/socket.c b/net/sctp/socket.c
> > > index cedd9bf..0a5f2bf 100644
> > > --- a/net/sctp/socket.c
> > > +++ b/net/sctp/socket.c
> > > @@ -5652,6 +5652,8 @@ static int sctp_getsockopt_assoc_stats(struct sock *sk, int len,
> > > /* User must provide at least the assoc id */
> > > if (len < sizeof(sctp_assoc_t))
> > > return -EINVAL;
> > > + if (len > sizeof(struct sctp_assoc_stats))
> > > + len = sizeof(struct sctp_assoc_stats);
> > >
> > > if (copy_from_user(&sas, optval, len))
> > > return -EFAULT;
> > > --
> > > 1.7.9.7
> > >
> > >
> >
> > Theres more than that going on here. This will fix the warning, but the
> > function is written such that, if you pass in a size that is greater than the
> > size of a struct sctp_association, but less than a struct sctp_assoc_stats. I'm
> > not sure that a partial stat struct is really that useful to people. What if
> > you were to check for max(struct sctp_association, struct sctp_assoc_stats) as
> > your minimum length check, then just did a copy_from_user of that length. It
> > would save you having to compute two lengths separately, since you could then
> > just do a copy_to_user(...,sizeof(struct sctp_assoc_stats), at the bottom of
> > that function.
> >
> Yes, but that would require input from someone who knows the code. All I am trying
> to accomplish is to ensure that copy_from_user does not overwrite the stack.
>
Not really, its pretty straightforward. Although, its kind of moot, after Daves
note I looked again, and if the size of the stats structure is less than the
association structure, everything works fine, but if the association is smaller
than the association, we'll get an EFAULT on the copy to user. So it all works
out
Acked-by: Neil Horman <nhorman@...driver.com>
Dave
> Thanks,
> Guenter
>
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists