lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAKH8qBunUNSHDHQysavzS2PwXuro8aHanS8_3=8GYSEvib=5SQ@mail.gmail.com>
Date: Thu, 8 Jun 2023 09:27:16 -0700
From: Stanislav Fomichev <sdf@...gle.com>
To: zhangmingyi <zhangmingyi5@...wei.com>
Cc: andrii@...nel.org, ast@...nel.org, bpf@...r.kernel.org, 
	daniel@...earbox.net, davem@...emloft.net, edumazet@...gle.com, 
	hsinweih@....edu, jakub@...udflare.com, john.fastabend@...il.com, 
	kongweibin2@...wei.com, kuba@...nel.org, linux-kernel@...r.kernel.org, 
	liuxin350@...wei.com, netdev@...r.kernel.org, pabeni@...hat.com, 
	syzbot+49f6cef45247ff249498@...kaller.appspotmail.com, 
	syzkaller-bugs@...glegroups.com, wuchangye@...wei.com, xiesongyang@...wei.com, 
	yanan@...wei.com
Subject: Re: [PATCH] libbpf:fix use empty function pointers in ringbuf_poll

On Thu, Jun 8, 2023 at 6:00 AM zhangmingyi <zhangmingyi5@...wei.com> wrote:
>
> On 06/06,Stanislav Fomichev wrote:
>
> > On 06/05, Xin Liu wrote:
> > > From: zhangmingyi <zhangmingyi5@...wei.com>
> >
> > > The sample_cb of the ring_buffer__new interface can transfer NULL. However,
> > > the system does not check whether sample_cb is NULL during
> > > ring_buffer__poll, null pointer is used.
>
> > What is the point of calling ring_buffer__new with sample_cb == NULL?
>
> Yes, as you said, passing sample_cb in ring_buffer__new to NULL doesn't
> make sense, and few people use it that way, but that doesn't prevent this
> from being a allowed and supported scenario. And when ring_buffer__poll is
> called, it leads to a segmentation fault (core dump), which I think needs
> to be fixed to ensure the security quality of libbpf.

I dunno. I'd argue that passing a NULL to ring_buffer__new is an API
misuse. Maybe ring_buffer__new should return -EINVAL instead when
passed NULL sample_cb? Although, we don't usually have those checks
for the majority of the arguments in libbpf...

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ