lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 16 Sep 2022 08:04:01 -0700 From: Kees Cook <keescook@...omium.org> To: "Jason A. Donenfeld" <Jason@...c4.com> Cc: kuba@...nel.org, pablo@...filter.org, davem@...emloft.net, netdev@...r.kernel.org Subject: Re: [PATCH net 3/3] wireguard: netlink: avoid variable-sized memcpy on sockaddr On Fri, Sep 16, 2022 at 03:37:40PM +0100, Jason A. Donenfeld wrote: > Doing a variable-sized memcpy is slower, and the compiler isn't smart > enough to turn this into a constant-size assignment. > > Further, Kees' latest fortified memcpy will actually bark, because the > destination pointer is type sockaddr, not explicitly sockaddr_in or > sockaddr_in6, so it thinks there's an overflow: > > memcpy: detected field-spanning write (size 28) of single field > "&endpoint.addr" at drivers/net/wireguard/netlink.c:446 (size 16) > > Fix this by just assigning by using explicit casts for each checked > case. > > Cc: Kees Cook <keescook@...omium.org> > Fixes: e7096c131e51 ("net: WireGuard secure network tunnel") > Signed-off-by: Jason A. Donenfeld <Jason@...c4.com> Oh, also, please include reporter details: Reported-by: syzbot+a448cda4dba2dac50de5@...kaller.appspotmail.com -- Kees Cook
Powered by blists - more mailing lists