lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Fri, 14 Oct 2022 07:40:16 +0000
From:   patchwork-bot+netdevbpf@...nel.org
To:     Alexander Potapenko <glider@...gle.com>
Cc:     jmaloy@...hat.com, ying.xue@...driver.com, netdev@...r.kernel.org,
        davem@...emloft.net, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] tipc: fix an information leak in tipc_topsrv_kern_subscr

Hello:

This patch was applied to netdev/net.git (master)
by David S. Miller <davem@...emloft.net>:

On Wed, 12 Oct 2022 17:25:14 +0200 you wrote:
> Use a 8-byte write to initialize sub.usr_handle in
> tipc_topsrv_kern_subscr(), otherwise four bytes remain uninitialized
> when issuing setsockopt(..., SOL_TIPC, ...).
> This resulted in an infoleak reported by KMSAN when the packet was
> received:
> 
>   =====================================================
>   BUG: KMSAN: kernel-infoleak in copyout+0xbc/0x100 lib/iov_iter.c:169
>    instrument_copy_to_user ./include/linux/instrumented.h:121
>    copyout+0xbc/0x100 lib/iov_iter.c:169
>    _copy_to_iter+0x5c0/0x20a0 lib/iov_iter.c:527
>    copy_to_iter ./include/linux/uio.h:176
>    simple_copy_to_iter+0x64/0xa0 net/core/datagram.c:513
>    __skb_datagram_iter+0x123/0xdc0 net/core/datagram.c:419
>    skb_copy_datagram_iter+0x58/0x200 net/core/datagram.c:527
>    skb_copy_datagram_msg ./include/linux/skbuff.h:3903
>    packet_recvmsg+0x521/0x1e70 net/packet/af_packet.c:3469
>    ____sys_recvmsg+0x2c4/0x810 net/socket.c:?
>    ___sys_recvmsg+0x217/0x840 net/socket.c:2743
>    __sys_recvmsg net/socket.c:2773
>    __do_sys_recvmsg net/socket.c:2783
>    __se_sys_recvmsg net/socket.c:2780
>    __x64_sys_recvmsg+0x364/0x540 net/socket.c:2780
>    do_syscall_x64 arch/x86/entry/common.c:50
>    do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
>    entry_SYSCALL_64_after_hwframe+0x63/0xcd arch/x86/entry/entry_64.S:120
> 
> [...]

Here is the summary with links:
  - tipc: fix an information leak in tipc_topsrv_kern_subscr
    https://git.kernel.org/netdev/net/c/777ecaabd614

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ