Message-Id: <20220104090130.3121751-1-eric.dumazet@gmail.com>
Date:   Tue,  4 Jan 2022 01:01:30 -0800
From:   Eric Dumazet <eric.dumazet@...il.com>
To:     Alexei Starovoitov <ast@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>
Cc:     "David S . Miller" <davem@...emloft.net>,
        netdev <netdev@...r.kernel.org>,
        Eric Dumazet <edumazet@...gle.com>,
        Eric Dumazet <eric.dumazet@...il.com>,
        bpf <bpf@...r.kernel.org>, syzbot <syzkaller@...glegroups.com>,
        Yonghong Song <yhs@...com>
Subject: [PATCH net] bpf: Add missing map_get_next_key method to bloom filter map

From: Eric Dumazet <edumazet@...gle.com>

It appears map_get_next_key() method is mandatory,
as syzbot is able to trigger a NULL deref in map_get_next_key().

Fixes: 9330986c0300 ("bpf: Add bloom filter map implementation")
Reported-by: syzbot <syzkaller@...glegroups.com>
Signed-off-by: Eric Dumazet <edumazet@...gle.com>
Cc: Alexei Starovoitov <ast@...nel.org>
Cc: Yonghong Song <yhs@...com>
---
 kernel/bpf/bloom_filter.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/kernel/bpf/bloom_filter.c b/kernel/bpf/bloom_filter.c
index 277a05e9c9849324a277d77eeec12963cc7519b7..34f48058515cfd3f8ea6816ccad1f4a26eba0ebf 100644
--- a/kernel/bpf/bloom_filter.c
+++ b/kernel/bpf/bloom_filter.c
@@ -82,6 +82,12 @@ static int bloom_map_delete_elem(struct bpf_map *map, void *value)
 	return -EOPNOTSUPP;
 }
 
+static int bloom_get_next_key(struct bpf_map *map, void *key,
+			      void *next_key)
+{
+	return -ENOTSUPP;
+}
+
 static struct bpf_map *bloom_map_alloc(union bpf_attr *attr)
 {
 	u32 bitset_bytes, bitset_mask, nr_hash_funcs, nr_bits;
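Review bot: bloom_get_next_key() returns -ENOTSUPP, while bloom_map_delete_elem() directly above it returns -EOPNOTSUPP for the same "operation not supported" case. ENOTSUPP is a kernel-internal errno value that userspace errno headers do not define, and this return value is handed back to whoever issued the get-next-key operation on the map. Returning -EOPNOTSUPP here would match the neighbouring stub and give userspace an error code it can decode.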
@@ -201,4 +207,5 @@ const struct bpf_map_ops bloom_filter_map_ops = {
 	.map_check_btf = bloom_map_check_btf,
 	.map_btf_name = "bpf_bloom_filter",
 	.map_btf_id = &bpf_bloom_map_btf_id,
+	.map_get_next_key = bloom_get_next_key,
 };
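Review bot: the new .map_get_next_key initializer fixes this one ops table, but nothing in the patch records that the callback is mandatory; the commit message only says it "appears" to be. Consider documenting the requirement where struct bpf_map_ops is declared, or having the caller check the pointer before calling through it, so that the next map type that omits the callback fails with an error instead of a NULL dereference.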
-- 
2.34.1.448.ga2b2bfdf31-goog
