Date:   Fri, 30 Dec 2016 15:20:57 -0500 (EST)
From:   David Miller <>
Subject: Re: [PATCH v2] scm: fix possible control message header alignment

From: yuan linyu <>
Date: Thu, 29 Dec 2016 20:39:32 +0800

> From: yuan linyu <>
> 1. put_cmsg{_compat}() may copy data to user when the buffer free space is
>    less than the control message header alignment size.
> 2. scm_detach_fds{_compat}() may calculate the wrong fdmax if the control
>    message header has a greater alignment size.
> Signed-off-by: yuan linyu <>

But can this actually happen, in practice?

Take, for example, COMPAT_CMSG_DATA().

It aligns "struct compat_cmsghdr" to a multiple of a u32.

I cannot think of any possible way that, on any architecture

	CMSG_COMPAT_ALIGN(sizeof(struct compat_cmsghdr))

evaluates to any value other than, exactly:

	sizeof(struct compat_cmsghdr)

If you can come up with a case where this does happen in
practice, I will continue to consider this patch.

Otherwise, we should make the assumptions that exist explicit
and get rid of all of the code that does that funny alignment
upon the cmsghdr structure.
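
The following is an added example, not part of the original message or the kernel source: a userspace check of the alignment question raised above. The `*_mirror` structs are assumed copies of the kernel layouts (compat header aligned to a 32-bit boundary, native header to `sizeof(long)`), `odd_hdr` is a constructed counterexample, and all helper names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace mirrors of the kernel headers (assumed layouts for this example). */
struct compat_cmsghdr_mirror {      /* struct compat_cmsghdr */
    uint32_t cmsg_len;              /* compat_size_t */
    int32_t  cmsg_level;            /* compat_int_t  */
    int32_t  cmsg_type;             /* compat_int_t  */
};
struct cmsghdr_mirror {             /* native struct cmsghdr */
    size_t cmsg_len;
    int    cmsg_level;
    int    cmsg_type;
};
/* Constructed counterexample, not a kernel type: 10 bytes, aligned to 4. */
struct __attribute__((packed)) odd_hdr {
    uint32_t len;
    uint32_t level;
    uint16_t type;
};

/* Round len up to a power-of-two boundary, as the CMSG alignment macros do. */
static size_t align_up(size_t len, size_t a) { return (len + a - 1) & ~(a - 1); }

/* Padding the alignment macro would add after the header. */
static size_t hdr_padding(size_t hdr_size, size_t a)
{
    return align_up(hdr_size, a) - hdr_size;
}

/* Count free-space values where "space >= sizeof(hdr)" passes but
 * "space >= ALIGN(sizeof(hdr))" fails, i.e. where the two checks differ. */
static size_t disagreeing_spaces(size_t hdr_size, size_t a, size_t max_space)
{
    size_t n = 0;
    for (size_t space = 0; space <= max_space; space++)
        if (space >= hdr_size && space < align_up(hdr_size, a))
            n++;
    return n;
}

/* The assumption made explicit: aligning either real header is a no-op. */
_Static_assert(sizeof(struct compat_cmsghdr_mirror) % sizeof(int32_t) == 0, "compat header needs padding");
_Static_assert(sizeof(struct cmsghdr_mirror) % sizeof(long) == 0, "native header needs padding");

int main(void)
{
    printf("compat pad=%zu native pad=%zu odd pad=%zu\n",
           hdr_padding(sizeof(struct compat_cmsghdr_mirror), sizeof(int32_t)),
           hdr_padding(sizeof(struct cmsghdr_mirror), sizeof(long)),
           hdr_padding(sizeof(struct odd_hdr), sizeof(int32_t)));
    printf("odd header: %zu free-space values where the checks differ\n",
           disagreeing_spaces(sizeof(struct odd_hdr), sizeof(int32_t), 64));
    return 0;
}
```

Only a header whose size is not a multiple of the alignment, like the constructed `odd_hdr`, produces free-space values where the raw and aligned checks disagree.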

