lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Tue, 16 Feb 2021 11:52:12 -0800
From:   Cong Wang <xiyou.wangcong@...il.com>
To:     Dan Carpenter <dan.carpenter@...cle.com>
Cc:     "Cong Wang ." <cong.wang@...edance.com>,
        Linux Kernel Network Developers <netdev@...r.kernel.org>
Subject: Re: [bug report] net: fix dev_ifsioc_locked() race condition

On Tue, Feb 16, 2021 at 11:40 AM Dan Carpenter <dan.carpenter@...cle.com> wrote:
>
> Hello Cong Wang,
>
> The patch 3b23a32a6321: "net: fix dev_ifsioc_locked() race condition"
> from Feb 11, 2021, leads to the following static checker warning:
>
>         drivers/net/tap.c:1095 tap_ioctl()
>         warn: check that 'sa.sa_family' doesn't leak information
>
> drivers/net/tap.c
>   1084
>   1085          case SIOCGIFHWADDR:
>   1086                  rtnl_lock();
>   1087                  tap = tap_get_tap_dev(q);
>   1088                  if (!tap) {
>   1089                          rtnl_unlock();
>   1090                          return -ENOLINK;
>   1091                  }
>   1092                  ret = 0;
>   1093                  dev_get_mac_address(&sa, dev_net(tap->dev), tap->dev->name);
>
> How do you want to handle errors from dev_get_mac_address()?

I did have a check there but it turns out unnecessary, because the only
error can happen is when the device name is not found, but here
we already have tap->dev, therefore its name is always there and valid.

Thanks.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ