| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <YWXBfx77qrbFzLAf@linux-mips.org>
Date: Tue, 12 Oct 2021 19:10:23 +0200
From: Ralf Baechle <ralf@...ux-mips.org>
To: Christoph Hellwig <hch@....de>
Cc: netdev@...r.kernel.org, "David S. Miller" <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>,
Thomas Osterried <thomas@...erried.de>,
linux-hams@...r.kernel.org
Subject: Re: [PATCH] ax25: Fix use of copy_from_sockptr() in ax25_setsockopt()
On Tue, Oct 12, 2021 at 08:23:09AM +0200, Christoph Hellwig wrote:
> On Thu, Sep 30, 2021 at 06:24:35PM +0200, Ralf Baechle wrote:
> > The destination pointer passed to copy_from_sockptr() is an unsigned long *
> > but the source in userspace is an unsigned int * resulting in an integer
> > of the wrong size being copied from userspace.
> >
> > This happens to work on 32 bit but breaks 64-bit where bytes 4..7 will not
> > be initialized. By luck it may work on little endian but on big endian
> > where the userspace data is copied to the upper 32 bit of the destination
> > it's most likely going to break.
> >
> > A simple test case to demonstrate this setsockopt() issue is:
>
> Looks good,
>
> Reviewed-by: Christoph Hellwig <hch@....de>
Sadly the kernel test robot has raised a bunch of warnings in this patch.
To fix those I'll pull a few fixes from another patch I was planning to
send later and merge them into this patch and post the resulting patch
as v2.
Thanks for the review,
Ralf
Powered by blists - more mailing lists