lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <30707.1363701570@warthog.procyon.org.uk>
Date:	Tue, 19 Mar 2013 13:59:30 +0000
From:	David Howells <dhowells@...hat.com>
To:	David Miller <davem@...emloft.net>, dan.carpenter@...cle.com
Cc:	dhowells@...hat.com, netdev@...r.kernel.org,
	kernel-janitors@...r.kernel.org
Subject: Re: [patch] RxRPC: use copy_to_user() instead of memcpy()

David Miller <davem@...emloft.net> wrote:

> >  		/* copy the peer address and timestamp */
> >  		if (!continue_call) {
> > -			if (msg->msg_name && msg->msg_namelen > 0)
> > -				memcpy(msg->msg_name,
> > -				       &call->conn->trans->peer->srx,
> > -				       sizeof(call->conn->trans->peer->srx));
> 
> I bet the size is too large for a sockaddr_storage, and therefore we
> spam the kernel stack.  So I can only guess that changing this to a
> copy_to_user() fixes the hang because it simply faults on the kernel
> destination address.

Maybe, though I don't see how that would just fix the hang rather than
oopsing.  If Dan can printk the following:

	msg->msg_namelen
	sizeof(call->conn->trans->peer->srx)

before doing the memcpy, that could be handy.

David
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ