Message-ID: <5138118F.606@asianux.com>
Date: Thu, 07 Mar 2013 12:03:27 +0800
From: Chen Gang <gang.chen@...anux.com>
To: Ben Hutchings <bhutchings@...arflare.com>
CC: David Laight <David.Laight@...LAB.COM>,
venkat.x.venkatsubra@...cle.com,
David Miller <davem@...emloft.net>, rds-devel@....oracle.com,
netdev <netdev@...r.kernel.org>
Subject: Re: [PATCH] net/rds: using strlcpy instead of strncpy
On 2013-03-06 01:00, Ben Hutchings wrote:
> This function calls rds_copy_info() to copy the whole of ctr into
> userland.
>
> If ctr is not completely initialised, then the values of the
> uninitialised bytes are left over from the local variables of an earlier
> system call. If an attacker knows enough about the stack layout (easy
> if this is a distribution kernel), they can make a series of system
> calls that leak information about heap-allocated objects. That can help
> them to exploit other kernel bugs for privilege escalation. So we
> should initialise every bit of memory that is going to be copied to
> userland.
>
> (In fact, in general it's not even enough to initialise all fields of
> the structure, because there may be padding bytes between them. In this
> case we know there isn't, because it's declared as packed.)
>
> Ben.
Thank you for your information.
I should send patch v2 for it.
:-)
--
Chen Gang
Asianux Corporation
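The point Ben makes above (every byte of an object that reaches userland must be initialised, and assigning the fields one by one is not enough once padding or a short string is involved) can be shown in userspace. The following is an added example written for this page, not code from the net/rds patch or from the kernel: `info_record` is a constructed stand-in for `ctr`, deliberately left unpacked so the padding case is visible as well, and `copy_bounded` is a small strlcpy-style copy written here because not every libc ships strlcpy. The 0xAA marker stands in for whatever an earlier syscall left on the stack.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16

/* Constructed stand-in for an info struct that is copied to userland.
 * Unlike the page's ctr it is NOT packed, so on common ABIs three padding
 * bytes sit between flags and count. */
struct info_record {
    uint8_t  flags;
    uint32_t count;
    char     name[NAME_LEN];
};

/* strlcpy-style copy (assumed helper): copies at most size-1 bytes and
 * NUL-terminates, but writes nothing past the terminator. */
static size_t copy_bounded(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);
    if (size) {
        size_t n = len < size - 1 ? len : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;
}

/* Simulate a stale stack frame: fill the object with a recognisable marker. */
static void poison(struct info_record *r)
{
    memset(r, 0xAA, sizeof *r);
}

/* Count bytes that still carry the marker, i.e. bytes that would be
 * copied to userland without ever having been initialised by us. */
static size_t stale_bytes(const struct info_record *r)
{
    const unsigned char *p = (const unsigned char *)r;
    size_t n = 0;
    for (size_t i = 0; i < sizeof *r; i++)
        if (p[i] == 0xAA)
            n++;
    return n;
}

/* Field-by-field initialisation with a strlcpy-style copy: the padding
 * bytes and the unused tail of name[] keep their old contents. */
size_t leak_bytes_leaky(const char *name)
{
    struct info_record r;
    poison(&r);
    r.flags = 1;
    r.count = 42;
    copy_bounded(r.name, name, sizeof r.name);
    return stale_bytes(&r);
}

/* Same fields but with strncpy: strncpy zero-fills the rest of the
 * destination, so only the struct padding is left stale. */
size_t leak_bytes_strncpy(const char *name)
{
    struct info_record r;
    poison(&r);
    r.flags = 1;
    r.count = 42;
    strncpy(r.name, name, sizeof r.name);
    return stale_bytes(&r);
}

/* Hardened form: zero the whole object first, then fill it. Padding and
 * the string tail are both covered, whichever copy routine is used. */
size_t leak_bytes_hardened(const char *name)
{
    struct info_record r;
    poison(&r);
    memset(&r, 0, sizeof r);
    r.flags = 1;
    r.count = 42;
    copy_bounded(r.name, name, sizeof r.name);
    return stale_bytes(&r);
}

int main(void)
{
    printf("padding bytes in struct: %zu\n",
           offsetof(struct info_record, count) - sizeof(uint8_t));
    printf("stale bytes, field-by-field + strlcpy-style: %zu\n",
           leak_bytes_leaky("rds"));
    printf("stale bytes, field-by-field + strncpy:       %zu\n",
           leak_bytes_strncpy("rds"));
    printf("stale bytes, memset first:                   %zu\n",
           leak_bytes_hardened("rds"));
    return 0;
}
```

The strncpy variant shows why swapping strncpy for strlcpy is not a pure cleanup: strncpy happened to zero the tail of the buffer, strlcpy does not, so the memset has to be made explicit. The memset form is also the only one that handles the padding bytes, which is the case Ben notes would matter if the structure were not packed.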