| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <bf943fd5-277f-075c-a4c7-d52c2c816e7a@pengutronix.de>
Date: Wed, 1 Apr 2020 12:08:02 +0200
From: Marc Kleine-Budde <mkl@...gutronix.de>
To: Richard Palethorpe <rpalethorpe@...e.com>,
linux-can@...r.kernel.org
Cc: Kees Cook <keescook@...omium.org>, netdev@...r.kernel.org,
security@...nel.org, wg@...ndegger.com, davem@...emloft.net
Subject: Re: [PATCH v2] slcan: Don't transmit uninitialized stack data in
padding
On 4/1/20 12:06 PM, Richard Palethorpe wrote:
> struct can_frame contains some padding which is not explicitly zeroed in
> slc_bump. This uninitialized data will then be transmitted if the stack
> initialization hardening feature is not enabled (CONFIG_INIT_STACK_ALL).
>
> This commit just zeroes the whole struct including the padding.
>
> Signed-off-by: Richard Palethorpe <rpalethorpe@...e.com>
> Fixes: a1044e36e457 ("can: add slcan driver for serial/USB-serial CAN adapters")
> Reviewed-by: Kees Cook <keescook@...omium.org>
> Cc: linux-can@...r.kernel.org
> Cc: netdev@...r.kernel.org
> Cc: security@...nel.org
> Cc: wg@...ndegger.com
> Cc: mkl@...gutronix.de
> Cc: davem@...emloft.net
Acked-by: Marc Kleine-Budde <mkl@...gutronix.de>
Marc
--
Pengutronix e.K. | Marc Kleine-Budde |
Embedded Linux | https://www.pengutronix.de |
Vertretung West/Dortmund | Phone: +49-231-2826-924 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
Powered by blists - more mailing lists