lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <4aae5e2b-f4d5-c260-5bf8-435c525f6c97@I-love.SAKURA.ne.jp>
Date:   Mon, 3 Oct 2022 21:34:43 +0900
From:   Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
To:     patchwork-bot+netdevbpf@...nel.org,
        "David S. Miller" <davem@...emloft.net>
Cc:     alex.aring@...il.com, stefan@...enfreihafen.org,
        shaozhengchao@...wei.com, ast@...nel.org, sdf@...gle.com,
        linux-wpan@...r.kernel.org,
        syzbot+5ea725c25d06fb9114c4@...kaller.appspotmail.com,
        syzkaller-bugs@...glegroups.com, bpf@...r.kernel.org,
        netdev@...r.kernel.org
Subject: Re: [PATCH] net/ieee802154: reject zero-sized raw_sendmsg()

On 2022/10/03 21:30, patchwork-bot+netdevbpf@...nel.org wrote:
> Hello:
> 
> This patch was applied to netdev/net.git (master)
> by David S. Miller <davem@...emloft.net>:
> 
> On Sun, 2 Oct 2022 01:43:44 +0900 you wrote:
>> syzbot is hitting skb_assert_len() warning at raw_sendmsg() for ieee802154
>> socket. What commit dc633700f00f726e ("net/af_packet: check len when
>> min_header_len equals to 0") does also applies to ieee802154 socket.
>>
>> Link: https://syzkaller.appspot.com/bug?extid=5ea725c25d06fb9114c4
>> Reported-by: syzbot <syzbot+5ea725c25d06fb9114c4@...kaller.appspotmail.com>
>> Fixes: fd1894224407c484 ("bpf: Don't redirect packets with invalid pkt_len")
>> Signed-off-by: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
>>
>> [...]
> 
> Here is the summary with links:
>   - net/ieee802154: reject zero-sized raw_sendmsg()
>     https://git.kernel.org/netdev/net/c/3a4d061c699b


Are you sure that returning -EINVAL is OK?

In v2 patch, I changed to return 0, for PF_IEEE802154 socket's zero-sized
raw_sendmsg() request was able to return 0.

> 
> You are awesome, thank you!

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ