| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1472128800.24772.11.camel@sipsolutions.net>
Date: Thu, 25 Aug 2016 14:40:00 +0200
From: Johannes Berg <johannes@...solutions.net>
To: Hannes Frederic Sowa <hannes@...essinduktion.org>,
Lennart Sorensen <lsorense@...lub.uwaterloo.ca>,
Al Viro <viro@...IV.linux.org.uk>
Cc: Joe Perches <joe@...ches.com>, David Miller <davem@...emloft.net>,
ben@...adent.org.uk, luis.henriques@...onical.com,
avijitnsec@...eaurora.org, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: CVE-2014-9900 fix is not upstream
> If we want to go down this route, probably the only option is to add
> __attribute__((pack)) those structs to just have no padding at all,
> thus breaking uapi.
>
We could also spell out the padding bytes as reserved, i.e. instead of
struct ethtool_wolinfo {
__u32 cmd;
__u32 supported;
__u32 wolopts;
__u8 sopass[SOPASS_MAX]; // 6, actually
};
we could do
struct ethtool_wolinfo {
__u32 cmd;
__u32 supported;
__u32 wolopts;
__u8 sopass[SOPASS_MAX]; // 6, actually
__u8 reserved[2];
};
and then the compiler has to properly treat it, since it's no longer
unnamed padding.
Maybe somebody can come up with a smart BUILD_BUG_ON() to ensure such
structs have no padding.
That would allow us to keep the C99 initializers (which is nice) and
not have to worry about this.
johannes
Powered by blists - more mailing lists