lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Fri, 7 Aug 2020 09:21:20 +0200
From:   Christoph Hellwig <>
To:     Eric Dumazet <>
Cc:     Christoph Hellwig <>,
        "David S. Miller" <>,
        Jakub Kicinski <>,
        Alexei Starovoitov <>,
        Daniel Borkmann <>,
        Alexey Kuznetsov <>,
        Hideaki YOSHIFUJI <>,
        Eric Dumazet <>,,,,,,,,,,,,,,,,,,,,,,
        Stefan Schmidt <>
Subject: Re: [PATCH 25/26] net: pass a sockptr_t into ->setsockopt

On Thu, Aug 06, 2020 at 03:21:25PM -0700, Eric Dumazet wrote:
> converting get_user(...)   to  copy_from_sockptr(...) really assumed the optlen
> has been validated to be >= sizeof(int) earlier.
> Which is not always the case, for example here.

Yes.  And besides the bpfilter mess the main reason I even had to add
the sockptr vs just copying optlen in the high-level socket code.

Please take a look at the patch in the other thread to just revert to
the "dumb" version everywhere.

Powered by blists - more mailing lists