lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20180519.230021.538446373514892322.davem@davemloft.net>
Date:   Sat, 19 May 2018 23:00:21 -0400 (EDT)
From:   David Miller <davem@...emloft.net>
To:     ying.xue@...driver.com
Cc:     netdev@...r.kernel.org, jon.maloy@...csson.com,
        syzkaller-bugs@...glegroups.com,
        tipc-discussion@...ts.sourceforge.net
Subject: Re: [PATCH net-next] tipc: eliminate complaint of KMSAN
 uninit-value in tipc_conn_rcv_sub

From: Ying Xue <ying.xue@...driver.com>
Date: Fri, 18 May 2018 19:50:55 +0800

> As variable s of struct tipc_subscr type is not initialized
> in tipc_conn_rcv_from_sock() before it is used in tipc_conn_rcv_sub(),
> KMSAN reported the following uninit-value type complaint:

I agree with others that the short read is the bug.

You need to decide what should happen if not a full tipc_subscr object
is obtained from the sock_recvmsg() call.

Proceeding to pass it on to tipc_conn_rcv_sub() cannot possibly be
correct.

You're not getting what you are expecting from the peer, the memset()
you are adding doesn't change that.

And once you get this badly sized read, what does that do to
the stream of subsequent recvmsg calls here?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ