lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Sat, 03 Dec 2016 23:11:38 -0500 (EST)
From:   David Miller <davem@...emloft.net>
To:     sd@...asysnail.net
Cc:     netdev@...r.kernel.org, linville@...driver.com
Subject: Re: [PATCH net] geneve: avoid use-after-free of skb->data

From: Sabrina Dubroca <sd@...asysnail.net>
Date: Sat, 3 Dec 2016 01:33:26 +0100

> I'd like to try something based on static analysis. We'd need a way to
> tag cached pointers to skb->data (via ip_hdr() or whatever), and
> propagate the notion that pskb_expand_head() makes these cached
> pointers stale through layers of function calls.  I don't know how
> feasible this is with the tools we have.

Perhaps create helpers that have some special attribute attached to
them like "skb_volatile" or whatever.  ip_hdr() et al would go through
them.

Then the static analysis tool is told that pskb_expand_head() "kills"
all skb_volatile obtained values, and it could basically mark all such
variables as uninitialized.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ