| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Y5WlLoCBcHbfKBD5@ZenIV>
Date: Sun, 11 Dec 2022 09:38:54 +0000
From: Al Viro <viro@...iv.linux.org.uk>
To: Eric Dumazet <edumazet@...gle.com>
Cc: syzbot <syzbot+d43608d061e8847ec9f3@...kaller.appspotmail.com>,
davem@...emloft.net, jmaloy@...hat.com, kuba@...nel.org,
linux-kernel@...r.kernel.org, netdev@...r.kernel.org,
pabeni@...hat.com, syzkaller-bugs@...glegroups.com,
tipc-discussion@...ts.sourceforge.net, ying.xue@...driver.com
Subject: Re: [syzbot] WARNING in _copy_from_iter
On Thu, Dec 08, 2022 at 08:38:14PM +0100, Eric Dumazet wrote:
> Exposes an old bug in tipc ?
>
> Seems a new check added by Al in :
>
> Author: Al Viro <viro@...iv.linux.org.uk>
> Date: Thu Sep 15 20:11:15 2022 -0400
>
> iov_iter: saner checks for attempt to copy to/from iterator
>
> instead of "don't do it to ITER_PIPE" check for ->data_source being
> false on copying from iterator. Check for !->data_source for
> copying to iterator, while we are at it.
>
> Signed-off-by: Al Viro <viro@...iv.linux.org.uk>
Lovely... zero-length sendmsg with uninitialized ->msg_data...
I would probably argue that it's a bug in tipc_connect(),
fixed by iov_iter_kvec(&m.msg_iter, ITER_SOURCE, NULL, 0, 0);
in there. Depends - if that kind of uninitialized msg_iter used
as zero length source or zero length destination is a frequent pattern,
might as well make zero-byte copy_...iter() succeed quietly;
I hope it isn't, but that's definitely something I'd missed
when doing that series.
I'll take a look tomorrow^Win the morning, after I get
some sleep...
Powered by blists - more mailing lists