| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20180531090758.gwvbzpd4iu74yakj@breakpoint.cc>
Date: Thu, 31 May 2018 11:07:58 +0200
From: Florian Westphal <fw@...len.de>
To: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: Florian Westphal <fw@...len.de>, peter pi <tiangangpi@...il.com>,
Jan Engelhardt <jengelh@...i.de>,
Eric Dumazet <eric.dumazet@...il.com>,
Greg Hackmann <ghackmann@...gle.com>,
Pablo Neira Ayuso <pablo@...filter.org>,
Jozsef Kadlecsik <kadlec@...ckhole.kfki.hu>,
Michal Kubecek <mkubecek@...e.cz>,
netfilter-devel@...r.kernel.org, coreteam@...filter.org,
netdev@...r.kernel.org
Subject: Re: [PATCH v2] netfilter: properly initialize xt_table_info structure
Greg Kroah-Hartman <gregkh@...uxfoundation.org> wrote:
> On Thu, May 31, 2018 at 10:24:36AM +0200, Florian Westphal wrote:
> > peter pi <tiangangpi@...il.com> wrote:
> > > Hi Greg, I applied this patch on 4.4 and tested it on my Pixel 2, it seems
> > > the problem still exists,
> >
> > What is the problem exactly?
>
> The problem is that kernel data is being sent to userspace due to an
> uncleared buffer that was allocated and then copied to userspace. This
> can be reproduced by dumping the current set of iptables rules. Peter
> had an example reproducing script that he used to specifically show
> this. Peter, can you provide that?
>
> I thought that initializing this buffer to zero would solve the problem,
> but I guess I cleared the wrong buffer :(
Never mind, this test was on 4.4 not 4.14.
But even on 4.14 i don't see how zeroing a buffer that will
be filled via copy_from_user would help.
Powered by blists - more mailing lists