| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1456877540.3098.162.camel@decadent.org.uk>
Date: Wed, 02 Mar 2016 00:12:20 +0000
From: Ben Hutchings <ben@...adent.org.uk>
To: Jacob Keller <jacob.e.keller@...el.com>, netdev@...r.kernel.org
Cc: David Miller <davem@...emloft.net>,
Michał Mirosław <mirq-linux@...e.qmqm.pl>,
Ben Hutchings <bhutchings@...arflare.com>,
Jeff Garzik <jeff@...zik.org>,
Alexander Duyck <alexander.duyck@...il.com>,
Mark Rustad <mark.d.rustad@...el.com>
Subject: Re: [PATCH v2] ethtool: check size of user memory before copying
strings and stats
On Tue, 2016-03-01 at 14:25 -0800, Jacob Keller wrote:
> Since at least 2005, (oldest commit in ethtool.git), the userspace
> ethtool implementation has given the size of the memory it has allocated
> as the actual size in the ethtool data structures. We previously blindly
> ignore this and overwrite the requested size with the current size
> returned by .get_strings or .get_sset_count. This can cause problems if
> these values aren't static.
[...]
NAK, ethtool is not the only consumer of the ethtool API. How many
times do I have to repeat myself?
Ben.
--
Ben Hutchings
Tomorrow will be cancelled due to lack of interest.
Download attachment "signature.asc" of type "application/pgp-signature" (812 bytes)
Powered by blists - more mailing lists