Date: Sun, 11 Dec 2022 09:38:54 +0000
From: Al Viro <viro@...iv.linux.org.uk>
To: Eric Dumazet <edumazet@...gle.com>
Cc: syzbot <syzbot+d43608d061e8847ec9f3@...kaller.appspotmail.com>,
	davem@...emloft.net, jmaloy@...hat.com, kuba@...nel.org,
	linux-kernel@...r.kernel.org, netdev@...r.kernel.org,
	pabeni@...hat.com, syzkaller-bugs@...glegroups.com,
	tipc-discussion@...ts.sourceforge.net, ying.xue@...driver.com
Subject: Re: [syzbot] WARNING in _copy_from_iter

On Thu, Dec 08, 2022 at 08:38:14PM +0100, Eric Dumazet wrote:
> Exposes an old bug in tipc ?
>
> Seems a new check added by Al in :
>
> Author: Al Viro <viro@...iv.linux.org.uk>
> Date:   Thu Sep 15 20:11:15 2022 -0400
>
>     iov_iter: saner checks for attempt to copy to/from iterator
>
>     instead of "don't do it to ITER_PIPE" check for ->data_source being
>     false on copying from iterator.  Check for !->data_source for
>     copying to iterator, while we are at it.
>
>     Signed-off-by: Al Viro <viro@...iv.linux.org.uk>

Lovely... zero-length sendmsg with uninitialized ->msg_data...
I would probably argue that it's a bug in tipc_connect(), fixed by

	iov_iter_kvec(&m.msg_iter, ITER_SOURCE, NULL, 0, 0);

in there.  Depends - if that kind of uninitialized msg_iter used as
zero length source or zero length destination is a frequent pattern,
might as well make zero-byte copy_...iter() succeed quietly; I hope it
isn't, but that's definitely something I'd missed when doing that
series.

I'll take a look tomorrow^Win the morning, after I get some sleep...
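
Added example, not part of the message above and not kernel code: a simplified userspace C model of the direction check under discussion, showing why a zero-filled iterator trips it even on a zero-byte copy while one initialised as a zero-length source does not. All `model_*` names and the zero-filled starting state are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Userspace model only: names echo the kernel's, bodies are simplified. */
enum { MODEL_ITER_DEST = 0, MODEL_ITER_SOURCE = 1 };

struct model_iter {
    bool data_source;   /* true: data may be copied *from* this iterator */
    const char *base;
    size_t count;
};
static int model_warnings;  /* stands in for the kernel WARNING firing */

/* Direction is checked before length, so even a 0-byte copy can warn. */
size_t model_copy_from_iter(void *dst, size_t bytes, struct model_iter *i)
{
    if (!i->data_source) { model_warnings++; return 0; }
    if (bytes > i->count) bytes = i->count;
    if (bytes) { memcpy(dst, i->base, bytes); i->base += bytes; i->count -= bytes; }
    return bytes;
}

/* Stand-in for an explicit init such as the iov_iter_kvec() call above. */
void model_iter_init(struct model_iter *i, int dir, const char *base, size_t n)
{
    i->data_source = (dir == MODEL_ITER_SOURCE);
    i->base = base; i->count = n;
}

/* Zero-length send; returns how many warnings the copy raised. */
int warnings_for_zero_length_send(bool init_as_source)
{
    struct model_iter it;
    char buf[1];
    memset(&it, 0, sizeof it);  /* assumption: iterator left zero-filled */
    if (init_as_source)
        model_iter_init(&it, MODEL_ITER_SOURCE, NULL, 0);
    model_warnings = 0;
    model_copy_from_iter(buf, 0, &it);
    return model_warnings;
}

int main(void)
{
    printf("zero-filled iterator: %d warning(s)\n", warnings_for_zero_length_send(false));
    printf("explicit zero-length source: %d warning(s)\n", warnings_for_zero_length_send(true));
    return 0;
}
```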