lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <31AFFC7280259C4184970ABA9AFE8B93E464E308@avmb3.qlogic.org>
Date:	Wed, 27 May 2015 08:32:08 +0000
From:	Manish Chopra <manish.chopra@...gic.com>
To:	Vladimir Zapolskiy <vz@...ia.com>,
	David Miller <davem@...emloft.net>,
	Sony Chacko <sony.chacko@...gic.com>,
	Rajesh Borundia <rajesh.borundia@...gic.com>
CC:	netdev <netdev@...r.kernel.org>
Subject: RE: [PATCH] net: netxen: correct sysfs bin attribute return code

> -----Original Message-----
> From: Vladimir Zapolskiy [mailto:vz@...ia.com]
> Sent: Tuesday, May 26, 2015 6:20 AM
> To: David Miller; Manish Chopra; Sony Chacko; Rajesh Borundia
> Cc: netdev
> Subject: [PATCH] net: netxen: correct sysfs bin attribute return code
> 
> If read() syscall requests unexpected number of bytes from "dimm" binary
> attribute file, return EINVAL instead of EPERM.
> 
> At the same time pin down sysfs file size to the fixed sizeof(struct
> netxen_dimm_cfg), which allows to exploit some missing sanity checks from
> kernfs (file boundary checks vs offset etc.)
> 
> Signed-off-by: Vladimir Zapolskiy <vz@...ia.com>
> ---
>  drivers/net/ethernet/qlogic/netxen/netxen_nic_main.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/drivers/net/ethernet/qlogic/netxen/netxen_nic_main.c
> b/drivers/net/ethernet/qlogic/netxen/netxen_nic_main.c
> index e0c31e3..6409a06 100644
> --- a/drivers/net/ethernet/qlogic/netxen/netxen_nic_main.c
> +++ b/drivers/net/ethernet/qlogic/netxen/netxen_nic_main.c
> @@ -3025,9 +3025,9 @@ netxen_sysfs_read_dimm(struct file *filp, struct
> kobject *kobj,
>  	u8 dw, rows, cols, banks, ranks;
>  	u32 val;
> 
> -	if (size != sizeof(struct netxen_dimm_cfg)) {
> +	if (size < attr->size) {
>  		netdev_err(netdev, "Invalid size\n");
> -		return -1;
> +		return -EINVAL;
>  	}
> 
>  	memset(&dimm, 0, sizeof(struct netxen_dimm_cfg)); @@ -3137,7
> +3137,7 @@ out:
> 
>  static struct bin_attribute bin_attr_dimm = {
>  	.attr = { .name = "dimm", .mode = (S_IRUGO | S_IWUSR) },
> -	.size = 0,
> +	.size = sizeof(struct netxen_dimm_cfg),
>  	.read = netxen_sysfs_read_dimm,
>  };
> 

Acked-by: Manish Chopra <manish.chopra@...gic.com>

Thanks.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ