lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20170423080027.GA843@bp>
Date:   Sun, 23 Apr 2017 16:00:27 +0800
From:   PanBian <bianpan2016@....com>
To:     Joe Perches <joe@...ches.com>
Cc:     Ying Xue <ying.xue@...driver.com>,
        "David S. Miller" <davem@...emloft.net>, netdev@...r.kernel.org,
        tipc-discussion@...ts.sourceforge.net, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/1] tipc: check return value of nlmsg_new

On Sun, Apr 23, 2017 at 12:17:16AM -0700, Joe Perches wrote:
> On Sun, 2017-04-23 at 15:09 +0800, Pan Bian wrote:
> > Function nlmsg_new() will return a NULL pointer if there is no enough
> > memory, and its return value should be checked before it is used.
> > However, in function tipc_nl_node_get_monitor(), the validation of the
> > return value of function nlmsg_new() is missed. This patch fixes the
> > bug.
> 
> Hello.
> 
> Thanks for the patches.
> 
> Are you finding these via a tool or inspection?
> 
> If a tool is being used, could you please describe it?
> 

Yes. I developed a tool to find this kind of bugs.

The detecting idea is simple. In large systems like the Linux kernel, 
most implementations are correct, and incorrect ones are rare. Based on
this observation, we take programs that have different implementations
with others as bugs. For example, in most cases, the return vlaue of
nlmsg_new() is validated and it will not be passed to genlmsg_reply() if
its value is NULL. However, in function tipc_nl_node_get_monitor(), the
validation is missing. The abnormal behavior leads us to believe that
there is a bug.


Thanks for your attention.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ