| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20200119123239.GB795@breakpoint.cc> Date: Sun, 19 Jan 2020 13:32:39 +0100 From: Florian Westphal <fw@...len.de> To: David Miller <davem@...emloft.net> Cc: fw@...len.de, netdev@...r.kernel.org Subject: Re: [PATCH net-next] netlink: make getters tolerate NULL nla arg David Miller <davem@...emloft.net> wrote: > From: Florian Westphal <fw@...len.de> > Date: Thu, 16 Jan 2020 15:55:22 +0100 > > > One recurring bug pattern triggered by syzbot is NULL dereference in > > netlink code paths due to a missing "tb[NL_ARG_FOO] != NULL" test. > > > > At least some of these missing checks would not have crashed the kernel if > > the various nla_get_XXX helpers would return 0 in case of missing arg. > > > > Make the helpers return 0 instead of crashing when a null nla is provided. > > Even with allyesconfig the .text increase is only about 350 bytes. > > > > Signed-off-by: Florian Westphal <fw@...len.de> > > Sorry, I think it's better to find out when code is trying to access > attributes without verifying that they are even supplied. Less than 24 hours after I saw this patch marked rejected syzbot reported another incarnation of this pattern. Would you consider a v2 with a WARN_ON_ONCE() added (and the buildbot warning resolved)? Thanks.
Powered by blists - more mailing lists