| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 8 Oct 2020 11:12:02 +0200
From: Eric Dumazet <eric.dumazet@...il.com>
To: Jakub Kicinski <kuba@...nel.org>, davem@...emloft.net
Cc: netdev@...r.kernel.org, kernel-team@...com,
johannes@...solutions.net, jiri@...nulli.us, andrew@...n.ch,
mkubecek@...e.cz
Subject: Re: [PATCH net-next v2 3/7] ethtool: trim policy tables
On 10/6/20 12:07 AM, Jakub Kicinski wrote:
> Since ethtool uses strict attribute validation there's no need
> to initialize all attributes in policy tables. 0 is NLA_UNSPEC
> which is going to be rejected. Remove the NLA_REJECTs.
>
> Similarly attributes above maxattrs are rejected, so there's
> no need to always size the policy tables to ETHTOOL_A_..._MAX.
>
This implies that all policy tables must be 'complete'.
strset_stringsets_policy[] for example is :
static const struct nla_policy strset_stringsets_policy[] = {
[ETHTOOL_A_STRINGSETS_STRINGSET] = { .type = NLA_NESTED },
};
So when later strset_parse_request() does :
req_info->counts_only = tb[ETHTOOL_A_STRSET_COUNTS_ONLY];
We have an out-of-bound access since ETHTOOL_A_STRSET_COUNTS_ONLY > ETHTOOL_A_STRINGSETS_STRINGSET
Not sure what was the expected type for this attribute, the kernel
only looks at its presence, not its value.
Powered by blists - more mailing lists