Date:   Thu, 3 Oct 2019 16:45:25 -0300
From:   Marcelo Ricardo Leitner <marcelo.leitner@...il.com>
To:     Jakub Kicinski <jakub.kicinski@...ronome.com>
Cc:     Cong Wang <xiyou.wangcong@...il.com>,
        David Ahern <dsahern@...il.com>,
        Linux Kernel Network Developers <netdev@...r.kernel.org>,
        syzbot <syzbot+618aacd49e8c8b8486bd@...kaller.appspotmail.com>,
        Jamal Hadi Salim <jhs@...atatu.com>,
        Jiri Pirko <jiri@...nulli.us>
Subject: Re: [Patch net] net_sched: add max len check for TCA_KIND

On Sat, Sep 21, 2019 at 07:24:34PM -0700, Jakub Kicinski wrote:
> On Wed, 18 Sep 2019 22:15:24 -0700, Cong Wang wrote:
> > On Wed, Sep 18, 2019 at 7:41 PM David Ahern <dsahern@...il.com> wrote:
> > > On 9/18/19 5:24 PM, Cong Wang wrote:  
> > > > The TCA_KIND attribute is of NLA_STRING which does not check
> > > > the NUL char. KMSAN reported an uninit-value of TCA_KIND which
> > > > is likely caused by the lack of NUL.
> > > >
> > > > Change it to NLA_NUL_STRING and add a max len too.
> > > >
> > > > Fixes: 8b4c3cdd9dd8 ("net: sched: Add policy validation for tc attributes")  
> > >
> > > The commit referenced here did not introduce the ability to go beyond
> > > memory boundaries with string comparisons. Rather, it was not a complete
> > > solution for attribute validation. I say that wrt to the fix getting
> > > propagated to the correct stable releases.  
> > 
> > I think this patch should be backported to wherever commit 8b4c3cdd9dd8
> > goes, this is why I picked it as Fixes.
> 
> Applied, queued for 4.14+, thanks!

Ahm, this breaks some user applications.

I'm getting "Attribute failed policy validation" extack error while
adding ingress qdisc on an app using libmnl, because it just doesn't
pack the null byte there if it uses mnl_attr_put_str():
https://git.netfilter.org/libmnl/tree/src/attr.c#n481
Unless it uses mnl_attr_put_strz() instead.

Though not sure who's to blame here, as one could argue that the
app should have been using the latter in the first place, but well..
it worked and produced the right results.

Ditto for 199ce850ce11 ("net_sched: add policy validation for action
attributes") on TCA_ACT_KIND.
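
The mismatch reported above, as an added example (not code from this thread, the kernel, or libmnl): a simplified C model of the two string encodings and of a length-only check versus a NUL-requiring check. The 15-byte limit, the `attr` struct, and the function names are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

#define MAXLEN ((size_t)15)  /* assumed limit for this example; the thread gives no value */

struct attr { size_t len; unsigned char data[32]; };  /* payload only, no header */

/* with_nul=0 models mnl_attr_put_str() (strlen bytes on the wire),
 * with_nul=1 models mnl_attr_put_strz() (strlen + 1 bytes). */
static struct attr put(const char *s, int with_nul)
{
    struct attr a;
    memset(a.data, 0xAA, sizeof(a.data));  /* stand-in for whatever follows the payload */
    a.len = strlen(s) + (with_nul ? 1 : 0);
    if (a.len > sizeof(a.data))
        a.len = sizeof(a.data);
    memcpy(a.data, s, a.len);
    return a;
}

/* NLA_STRING-style check: bounds the length, terminator optional. */
static int check_string(struct attr a)
{
    size_t n = a.len;
    if (n < 1)
        return -1;
    if (a.data[n - 1] == '\0')
        n--;
    return n > MAXLEN ? -1 : 0;
}

/* NLA_NUL_STRING-style check: a NUL must occur within the first MAXLEN + 1 bytes. */
static int check_nul_string(struct attr a)
{
    size_t scan = a.len < MAXLEN + 1 ? a.len : MAXLEN + 1;
    if (scan == 0 || memchr(a.data, '\0', scan) == NULL)
        return -1;
    return check_string(a);
}

int main(void)
{
    const char *kind = "ingress";  /* the qdisc kind from the report */
    for (int z = 0; z <= 1; z++)
        printf("%s: len=%zu string=%d nul_string=%d\n", z ? "put_strz" : "put_str",
               put(kind, z).len, check_string(put(kind, z)), check_nul_string(put(kind, z)));
    return 0;
}
```

The unterminated payload passes the length-only check, so a receiver that later runs a C string comparison on it reads past the attribute into the `0xAA` filler; the NUL-requiring check rejects it before that can happen.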
