lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <AM4PR0501MB22605B8B202CCE1D9B06350AD13C0@AM4PR0501MB2260.eurprd05.prod.outlook.com>
Date:   Wed, 24 Apr 2019 22:12:42 +0000
From:   Parav Pandit <parav@...lanox.com>
To:     Jason Gunthorpe <jgg@...pe.ca>,
        Dan Carpenter <dan.carpenter@...cle.com>
CC:     "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        Leon Romanovsky <leon@...nel.org>,
        Eli Cohen <eli@...lanox.com>,
        Doug Ledford <dledford@...hat.com>,
        "linux-rdma@...r.kernel.org" <linux-rdma@...r.kernel.org>,
        "kernel-janitors@...r.kernel.org" <kernel-janitors@...r.kernel.org>
Subject: RE: [PATCH] IB/mlx5: add checking for "vf" from do_setvfinfo()



> -----Original Message-----
> From: Jason Gunthorpe <jgg@...pe.ca>
> Sent: Wednesday, April 24, 2019 9:24 AM
> To: Dan Carpenter <dan.carpenter@...cle.com>
> Cc: Parav Pandit <parav@...lanox.com>; netdev@...r.kernel.org; Leon
> Romanovsky <leon@...nel.org>; Eli Cohen <eli@...lanox.com>; Doug
> Ledford <dledford@...hat.com>; linux-rdma@...r.kernel.org; kernel-
> janitors@...r.kernel.org
> Subject: Re: [PATCH] IB/mlx5: add checking for "vf" from do_setvfinfo()
> 
> On Wed, Apr 24, 2019 at 05:08:20PM +0300, Dan Carpenter wrote:
> > I think I'm just going to ask netdev for an opinion on this.  It could
> > be that we're just reading the code wrong...
> 
> I don't think you are reading it wrong.
> 
> Allowing the compiler to implicitly cast a user controlled u32 to an int is
> simply wrong in all cases, IMHO.
> 
> If the value was intended to be signed from the user it should have been a
> s32. Allowing an unsigned value to become interpreted as negative so often
> leads to security bugs.
> 
> IMHO it would be a good thing for smatch to warn on the general case of
> implicit casting of user controlled data to a smaller range type. Particularly it
> can do a bounds analysis to show the control flow hasn't somehow
> restricted the bounds to be compatible.
> 
> I've seen more that a few real world security bugs that are caused by wrong
> use of 'int' like this :(
> 
> Jason

Hence we should fix the type to be u32 in ndo ops to match netlink type core and in driver, instead of < 0 check.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ