lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <3c258c4e.20f4b.1788604fd68.Coremail.lyl2019@mail.ustc.edu.cn>
Date:   Wed, 31 Mar 2021 10:02:57 +0800 (GMT+08:00)
From:   lyl2019@...l.ustc.edu.cn
To:     "David Miller" <davem@...emloft.net>
Cc:     santosh.shilimkar@...cle.com, kuba@...nel.org,
        netdev@...r.kernel.org, linux-rdma@...r.kernel.org,
        rds-devel@....oracle.com, linux-kernel@...r.kernel.org
Subject: Re: Re: [PATCH] net/rds: Fix a use after free in
 rds_message_map_pages




> -----原始邮件-----
> 发件人: "David Miller" <davem@...emloft.net>
> 发送时间: 2021-03-31 08:02:28 (星期三)
> 收件人: lyl2019@...l.ustc.edu.cn
> 抄送: santosh.shilimkar@...cle.com, kuba@...nel.org, netdev@...r.kernel.org, linux-rdma@...r.kernel.org, rds-devel@....oracle.com, linux-kernel@...r.kernel.org
> 主题: Re: [PATCH] net/rds: Fix a use after free in rds_message_map_pages
> 
> From: Lv Yunlong <lyl2019@...l.ustc.edu.cn>
> Date: Tue, 30 Mar 2021 03:16:02 -0700
> 
> > @@ -348,7 +348,7 @@ struct rds_message *rds_message_map_pages(unsigned long *page_addrs, unsigned in
> >  	rm->data.op_sg = rds_message_alloc_sgs(rm, num_sgs);
> >  	if (IS_ERR(rm->data.op_sg)) {
> >  		rds_message_put(rm);
> > -		return ERR_CAST(rm->data.op_sg);
> > +		return ERR_PTR(-ENOMEM);
> >  	}
> >  
> >  	for (i = 0; i < rm->data.op_nents; ++i) {
> 
> Maybe instead do:
> 
>       int err = ERR_CAST(rm->data.op_sg);
>       rds_message_put(rm);
>       return err;
> 
> Then if rds_message_alloc_sgs() starts to return other errors, they will propagate.
> 
> Thank you.

The type of ERR_CAST() is void *, not int. 
I think the correct patch is:

        void *err = ERR_CAST(rm->data.op_sg);
        rds_message_put(rm);
        return err;

I have submitted the PATCH v2 for you to review.

Thanks.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ