lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <cd3a1383-9d6a-19ad-fd6e-c45da7e646b4@linaro.org>
Date:   Tue, 13 Dec 2022 15:41:36 +0100
From:   Krzysztof Kozlowski <krzysztof.kozlowski@...aro.org>
To:     Minsuk Kang <linuxlovemin@...sei.ac.kr>, netdev@...r.kernel.org
Cc:     linma@....edu.cn, davem@...emloft.net, sameo@...ux.intel.com,
        linville@...driver.com, dokyungs@...sei.ac.kr,
        jisoo.jang@...sei.ac.kr
Subject: Re: [PATCH net v2] nfc: pn533: Clear nfc_target before being used

On 13/12/2022 15:38, Krzysztof Kozlowski wrote:
> On 13/12/2022 15:27, Minsuk Kang wrote:
>> Fix a slab-out-of-bounds read that occurs in nla_put() called from
>> nfc_genl_send_target() when target->sensb_res_len, which is duplicated
>> from an nfc_target in pn533, is too large as the nfc_target is not
>> properly initialized and retains garbage values. Clear nfc_targets with
>> memset() before they are used.
>>
>> Found by a modified version of syzkaller.
>>
>> BUG: KASAN: slab-out-of-bounds in nla_put
>> Call Trace:
>>  memcpy
>>  nla_put
>>  nfc_genl_dump_targets
>>  genl_lock_dumpit
>>  netlink_dump
>>  __netlink_dump_start
>>  genl_family_rcv_msg_dumpit
>>  genl_rcv_msg
>>  netlink_rcv_skb
>>  genl_rcv
>>  netlink_unicast
>>  netlink_sendmsg
>>  sock_sendmsg
>>  ____sys_sendmsg
>>  ___sys_sendmsg
>>  __sys_sendmsg
>>  do_syscall_64
>>
>> Fixes: 673088fb42d0 ("NFC: pn533: Send ATR_REQ directly for active device detection")
>> Fixes: 361f3cb7f9cf ("NFC: DEP link hook implementation for pn533")
>> Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@...aro.org>
> 
> How did it happen? From where did you get it?

I double checked - I did not send it. This is some fake tag. Please do
not add fake/invented/created tags with people's names.

Best regards,
Krzysztof

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ