lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 4 Oct 2022 19:59:05 +0200
From:   Stefan Schmidt <stefan@...enfreihafen.org>
To:     Alexander Aring <aahringo@...hat.com>,
        Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>
Cc:     patchwork-bot+netdevbpf@...nel.org,
        "David S. Miller" <davem@...emloft.net>, alex.aring@...il.com,
        shaozhengchao@...wei.com, ast@...nel.org, sdf@...gle.com,
        linux-wpan@...r.kernel.org,
        syzbot+5ea725c25d06fb9114c4@...kaller.appspotmail.com,
        syzkaller-bugs@...glegroups.com, bpf@...r.kernel.org,
        netdev@...r.kernel.org
Subject: Re: [PATCH] net/ieee802154: reject zero-sized raw_sendmsg()

Hello.

On 04.10.22 00:29, Alexander Aring wrote:
> Hi,
> 
> On Mon, Oct 3, 2022 at 8:35 AM Tetsuo Handa
> <penguin-kernel@...ove.sakura.ne.jp> wrote:
>>
>> On 2022/10/03 21:30, patchwork-bot+netdevbpf@...nel.org wrote:
>>> Hello:
>>>
>>> This patch was applied to netdev/net.git (master)
>>> by David S. Miller <davem@...emloft.net>:
>>>
>>> On Sun, 2 Oct 2022 01:43:44 +0900 you wrote:
>>>> syzbot is hitting skb_assert_len() warning at raw_sendmsg() for ieee802154
>>>> socket. What commit dc633700f00f726e ("net/af_packet: check len when
>>>> min_header_len equals to 0") does also applies to ieee802154 socket.
>>>>
>>>> Link: https://syzkaller.appspot.com/bug?extid=5ea725c25d06fb9114c4
>>>> Reported-by: syzbot <syzbot+5ea725c25d06fb9114c4@...kaller.appspotmail.com>
>>>> Fixes: fd1894224407c484 ("bpf: Don't redirect packets with invalid pkt_len")
>>>> Signed-off-by: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
>>>>
>>>> [...]
>>>
>>> Here is the summary with links:
>>>    - net/ieee802154: reject zero-sized raw_sendmsg()
>>>      https://git.kernel.org/netdev/net/c/3a4d061c699b
>>
>>
>> Are you sure that returning -EINVAL is OK?
>>
>> In v2 patch, I changed to return 0, for PF_IEEE802154 socket's zero-sized
>> raw_sendmsg() request was able to return 0.
> 
> I currently try to get access to kernel.org wpan repositories and try
> to rebase/apply your v2 on it. 

This will only work once I merged net into wpan. Which I normally do 
only after a pull request to avoid merge requests being created.

We have two options here a) reverting this patch and applying v2 of it 
b) Tetsu sending an incremental patch on top of the applied one to come 
to the same state as after v2.


Then it should be fixed in the next
> pull request to net. For netdev maintainers, please don't apply wpan
> patches. Stefan and I will care about it.

Keep in mind that Dave and Jakub do this to help us out because we are 
sometimes slow on applying patches and getting them to net. Normally 
this is all fine for clear fixes.

For -next material I agree this should only go through the wpan-next 
tree for us to coordinate, but for the occasional fix its often faster 
if it hits net directly. Normally I don't mind that. In this case v2 was 
overlooked. But this is easily rectified with either of the two options 
mentioned above.

regards
Stefan Schmidt

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ