| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 31 May 2018 12:11:47 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: Florian Westphal <fw@...len.de>
Cc: peter pi <tiangangpi@...il.com>, Jan Engelhardt <jengelh@...i.de>,
Eric Dumazet <eric.dumazet@...il.com>,
Greg Hackmann <ghackmann@...gle.com>,
Pablo Neira Ayuso <pablo@...filter.org>,
Jozsef Kadlecsik <kadlec@...ckhole.kfki.hu>,
Michal Kubecek <mkubecek@...e.cz>,
netfilter-devel@...r.kernel.org, coreteam@...filter.org,
netdev@...r.kernel.org
Subject: Re: [PATCH v2] netfilter: properly initialize xt_table_info structure
On Thu, May 31, 2018 at 11:07:58AM +0200, Florian Westphal wrote:
> Greg Kroah-Hartman <gregkh@...uxfoundation.org> wrote:
> > On Thu, May 31, 2018 at 10:24:36AM +0200, Florian Westphal wrote:
> > > peter pi <tiangangpi@...il.com> wrote:
> > > > Hi Greg, I applied this patch on 4.4 and tested it on my Pixel 2, it seems
> > > > the problem still exists,
> > >
> > > What is the problem exactly?
> >
> > The problem is that kernel data is being sent to userspace due to an
> > uncleared buffer that was allocated and then copied to userspace. This
> > can be reproduced by dumping the current set of iptables rules. Peter
> > had an example reproducing script that he used to specifically show
> > this. Peter, can you provide that?
> >
> > I thought that initializing this buffer to zero would solve the problem,
> > but I guess I cleared the wrong buffer :(
>
> Never mind, this test was on 4.4 not 4.14.
>
> But even on 4.14 i don't see how zeroing a buffer that will
> be filled via copy_from_user would help.
It should be copy_to_user() :)
Powered by blists - more mailing lists