| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1512491661.26976.19.camel@sipsolutions.net>
Date: Tue, 05 Dec 2017 17:34:21 +0100
From: Johannes Berg <johannes@...solutions.net>
To: David Miller <davem@...emloft.net>
Cc: linux-wireless@...r.kernel.org, netdev@...r.kernel.org, j@...fi,
dsahern@...il.com
Subject: Re: [PATCH net 1/2] netlink: add NLA_U8_BUGGY attribute type
On Tue, 2017-12-05 at 11:31 -0500, David Miller wrote:
>
> > We could try to fix up the big endian problem here, but we
> > don't know *how* userspace misbehaved - if using nla_put_u32
> > then we could, but we also found a debug tool (which we'll
> > ignore for the purposes of this regression) that was putting
> > the padding into the length.
> We're stuck with this thing forever... I'd like to consider other
> options.
>
> I've seen this problem at least one time before, therefore I
> suggest when we see a U8 attribute with a U32's length:
>
> 1) We access it as a u32, this takes care of all endianness
> issues.
Possible, but as I said above, I've seen at least one tool (a debug
only script) now that will actually emit a U8 followed by 3 bytes of
padding to make it netlink-aligned, but set the length to 4. That would
be broken by making this change.
I'm not saying this is bad - but there are different levels of
compatibility and I'd probably go for "bug compatibility" here rather
than "fix-it-up compatibility".
Your call, ultimately - I've already fixed the tool I had found :-)
> 2) We emit a warning so that the app gets fixes.
For sure.
johannes
Powered by blists - more mailing lists