lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-Id: <166573321641.24049.9116902216916223588.git-patchwork-notify@kernel.org> Date: Fri, 14 Oct 2022 07:40:16 +0000 From: patchwork-bot+netdevbpf@...nel.org To: Alexander Potapenko <glider@...gle.com> Cc: jmaloy@...hat.com, ying.xue@...driver.com, netdev@...r.kernel.org, davem@...emloft.net, linux-kernel@...r.kernel.org Subject: Re: [PATCH] tipc: fix an information leak in tipc_topsrv_kern_subscr Hello: This patch was applied to netdev/net.git (master) by David S. Miller <davem@...emloft.net>: On Wed, 12 Oct 2022 17:25:14 +0200 you wrote: > Use a 8-byte write to initialize sub.usr_handle in > tipc_topsrv_kern_subscr(), otherwise four bytes remain uninitialized > when issuing setsockopt(..., SOL_TIPC, ...). > This resulted in an infoleak reported by KMSAN when the packet was > received: > > ===================================================== > BUG: KMSAN: kernel-infoleak in copyout+0xbc/0x100 lib/iov_iter.c:169 > instrument_copy_to_user ./include/linux/instrumented.h:121 > copyout+0xbc/0x100 lib/iov_iter.c:169 > _copy_to_iter+0x5c0/0x20a0 lib/iov_iter.c:527 > copy_to_iter ./include/linux/uio.h:176 > simple_copy_to_iter+0x64/0xa0 net/core/datagram.c:513 > __skb_datagram_iter+0x123/0xdc0 net/core/datagram.c:419 > skb_copy_datagram_iter+0x58/0x200 net/core/datagram.c:527 > skb_copy_datagram_msg ./include/linux/skbuff.h:3903 > packet_recvmsg+0x521/0x1e70 net/packet/af_packet.c:3469 > ____sys_recvmsg+0x2c4/0x810 net/socket.c:? > ___sys_recvmsg+0x217/0x840 net/socket.c:2743 > __sys_recvmsg net/socket.c:2773 > __do_sys_recvmsg net/socket.c:2783 > __se_sys_recvmsg net/socket.c:2780 > __x64_sys_recvmsg+0x364/0x540 net/socket.c:2780 > do_syscall_x64 arch/x86/entry/common.c:50 > do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80 > entry_SYSCALL_64_after_hwframe+0x63/0xcd arch/x86/entry/entry_64.S:120 > > [...] Here is the summary with links: - tipc: fix an information leak in tipc_topsrv_kern_subscr https://git.kernel.org/netdev/net/c/777ecaabd614 You are awesome, thank you! -- Deet-doot-dot, I am a bot. https://korg.docs.kernel.org/patchwork/pwbot.html
Powered by blists - more mailing lists