| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 6 Jul 2022 17:57:42 -0700
From: Jakub Kicinski <kuba@...nel.org>
To: Hoang Huu Le <hoang.h.le@...tech.com.au>
Cc: "jmaloy@...hat.com" <jmaloy@...hat.com>,
"maloy@...jonn.com" <maloy@...jonn.com>,
"ying.xue@...driver.com" <ying.xue@...driver.com>,
Tung Quang Nguyen <tung.q.nguyen@...tech.com.au>,
"pabeni@...hat.com" <pabeni@...hat.com>,
"edumazet@...gle.com" <edumazet@...gle.com>,
"tipc-discussion@...ts.sourceforge.net"
<tipc-discussion@...ts.sourceforge.net>,
"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
"davem@...emloft.net" <davem@...emloft.net>,
"syzbot+a73d24a22eeeebe5f244@...kaller.appspotmail.com"
<syzbot+a73d24a22eeeebe5f244@...kaller.appspotmail.com>
Subject: Re: [net] tipc: fix uninit-value in tipc_nl_node_reset_link_stats
On Thu, 7 Jul 2022 00:22:06 +0000 Hoang Huu Le wrote:
> > The bug you're fixing is that the string is not null-terminated,
> > so strcmp() can read past the end of the attribute.
> >
> No, I'm trying to fix below issues:
>
> BUG: KMSAN: uninit-value in strlen lib/string.c:495 [inline]
> BUG: KMSAN: uninit-value in strstr+0xb4/0x2e0 lib/string.c:840
> strlen lib/string.c:495 [inline]
> strstr+0xb4/0x2e0 lib/string.c:840
> tipc_nl_node_reset_link_stats+0x41e/0xba0 net/tipc/node.c:2582
>
> I assume the link name attribute is empty as root cause.
> So, just checking length is enough for fixing this issue.
I pointed you to the code that does NLA_STRING validation and that
already checks:
if (attrlen < 1)
what am I missing?
Powered by blists - more mailing lists