lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Sun, 11 Dec 2022 09:38:54 +0000
From:   Al Viro <>
To:     Eric Dumazet <>
Cc:     syzbot <>,,,,,,,,,
Subject: Re: [syzbot] WARNING in _copy_from_iter

On Thu, Dec 08, 2022 at 08:38:14PM +0100, Eric Dumazet wrote:

> Exposes an old bug in tipc ?
> Seems a new check added by Al in :
> Author: Al Viro <>
> Date:   Thu Sep 15 20:11:15 2022 -0400
>     iov_iter: saner checks for attempt to copy to/from iterator
>     instead of "don't do it to ITER_PIPE" check for ->data_source being
>     false on copying from iterator.  Check for !->data_source for
>     copying to iterator, while we are at it.
>     Signed-off-by: Al Viro <>

Lovely...  zero-length sendmsg with uninitialized ->msg_data...

	I would probably argue that it's a bug in tipc_connect(),
fixed by iov_iter_kvec(&m.msg_iter, ITER_SOURCE, NULL, 0, 0);
in there.  Depends - if that kind of uninitialized msg_iter used
as zero length source or zero length destination is a frequent pattern,
might as well make zero-byte copy_...iter() succeed quietly;
I hope it isn't, but that's definitely something I'd missed
when doing that series.

	I'll take a look tomorrow^Win the morning, after I get
some sleep...

Powered by blists - more mailing lists