Date:   Mon,  9 Nov 2020 13:30:54 +0100 (CET)
From:   Michal Kubecek <mkubecek@...e.cz>
To:     netdev@...r.kernel.org
Cc:     Ido Schimmel <idosch@...sch.org>, Ivan Vecera <ivecera@...hat.com>
Subject: [PATCH ethtool 1/2] netlink: fix use after free in
 netlink_run_handler()

Valgrind detected use after free in netlink_run_handler(): some members of
struct nl_context are accessed after the netlink context is freed by
netlink_done(). Use local variables to store the two flags and check them
instead.

Fixes: 6c19c0d559c8 ("netlink: use genetlink ops information to decide about fallback")
Signed-off-by: Michal Kubecek <mkubecek@...e.cz>
---
 netlink/netlink.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/netlink/netlink.c b/netlink/netlink.c
index f655f6ea25b7..aaaabdd3048e 100644
--- a/netlink/netlink.c
+++ b/netlink/netlink.c
@@ -457,6 +457,7 @@ void netlink_run_handler(struct cmd_context *ctx, nl_func_t nlfunc,
 			 bool no_fallback)
 {
 	bool wildcard = ctx->devname && !strcmp(ctx->devname, WILDCARD_DEVNAME);
+	bool wildcard_unsupported, ioctl_fallback;
 	struct nl_context *nlctx;
 	const char *reason;
 	int ret;
@@ -478,14 +479,17 @@ void netlink_run_handler(struct cmd_context *ctx, nl_func_t nlfunc,
 	nlctx = ctx->nlctx;
 
 	ret = nlfunc(ctx);
+	wildcard_unsupported = nlctx->wildcard_unsupported;
+	ioctl_fallback = nlctx->ioctl_fallback;
 	netlink_done(ctx);
-	if (no_fallback || ret != -EOPNOTSUPP || !nlctx->ioctl_fallback) {
-		if (nlctx->wildcard_unsupported)
+
+	if (no_fallback || ret != -EOPNOTSUPP || !ioctl_fallback) {
+		if (wildcard_unsupported)
 			fprintf(stderr, "%s\n",
 				"subcommand does not support wildcard dump");
 		exit(ret >= 0 ? ret : 1);
 	}
-	if (nlctx->wildcard_unsupported)
+	if (wildcard_unsupported)
 		reason = "subcommand does not support wildcard dump";
 	else
 		reason = "kernel netlink support for subcommand missing";
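Review bot: After netlink_done(ctx) in this hunk, nlctx stays in scope as a dangling pointer, so a later edit that reads nlctx-> anywhere below that call would reintroduce the same use after free with no compiler warning. Consider setting nlctx = NULL right after netlink_done(ctx), or at least adding a one-line comment above the two copies saying that netlink_done() frees the context and it must not be dereferenced afterwards. Whether netlink_done() also clears ctx->nlctx is not visible in these lines; if it does not, that pointer deserves the same treatment.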
-- 
2.29.2
