lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20170911071955.GZ5465@leo.usersys.redhat.com>
Date:   Mon, 11 Sep 2017 15:19:55 +0800
From:   Hangbin Liu <liuhangbin@...il.com>
To:     Phil Sutter <phil@....cc>, netdev@...r.kernel.org,
        Stephen Hemminger <stephen@...workplumber.org>,
        Michal Kubecek <mkubecek@...e.cz>
Subject: Re: [PATCH iproute2 1/2] lib/libnetlink: re malloc buff if size is
 not enough

Hi Phil and Michal,
On Fri, Sep 08, 2017 at 04:51:13PM +0200, Phil Sutter wrote:
> Hi,
> 
> On Fri, Sep 08, 2017 at 10:01:31PM +0800, Hangbin Liu wrote:
> [...]
> > Since we have to use two static bufffers. So how about check like
> > 
> > 	if (len > strlen(buffer))
> 
> I don't think that will work. We are reusing the buffer and it contains
> binary data, so a NUL byte may appear anywhere. I fear you will have to
> change rtnl_recvmsg() to accept a buflen parameter which callers have to
> define statically together with the buffer pointer.

OK
> 
> Regarding Michal's concern about reentrancy, maybe we should go into a
> different direction and make rtnl_recvmsg() return a newly allocated
> buffer which the caller has to free.

Hmm... But we could not free the buf in __rtnl_talk(). Because in
__rtnl_talk() we assign the answer with the buf address and return to caller.

	for (h = (struct nlmsghdr *)buf; status >= sizeof(*h); ) {
		[...]
		if (answer) {
			*answer= h;
			return 0;
		}
	}

And the caller will keep use it in later code. Since there are plenty of
functions called rtnl_talk. I think it would be much more complex to free
the buffer every time.


Hi Michal,

Would you like to tell me more about your concern with reentrancy? It's looks
arpd doesn't call rtnl_talk() or rtnl_dump_filter_l().

Thanks
Hangbin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ