lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <45DEF7A6-093D-4517-8CD8-D86D1671BE48@kernel.org> Date: Tue, 08 Aug 2023 16:00:36 -0700 From: Kees Cook <kees@...nel.org> To: "Gustavo A. R. Silva" <gustavoars@...nel.org>, "GONG, Ruiqi" <gongruiqi@...weicloud.com> CC: Pablo Neira Ayuso <pablo@...filter.org>, Jozsef Kadlecsik <kadlec@...filter.org>, Florian Westphal <fw@...len.de>, Roopa Prabhu <roopa@...dia.com>, Nikolay Aleksandrov <razor@...ckwall.org>, Kees Cook <keescook@...omium.org>, netfilter-devel@...r.kernel.org, coreteam@...filter.org, netdev@...r.kernel.org, linux-hardening@...r.kernel.org, linux-kernel@...r.kernel.org, Wang Weiyang <wangweiyang2@...wei.com>, Xiu Jianfeng <xiujianfeng@...wei.com>, gongruiqi1@...wei.com Subject: Re: [PATCH v2] netfilter: ebtables: fix fortify warnings On August 8, 2023 9:32:50 AM PDT, "Gustavo A. R. Silva" <gustavoars@...nel.org> wrote: >On Tue, Aug 08, 2023 at 09:30:38PM +0800, GONG, Ruiqi wrote: >> From: "GONG, Ruiqi" <gongruiqi1@...wei.com> >> >> When compiling with gcc 13 and CONFIG_FORTIFY_SOURCE=y, the following >> warning appears: >> >> In function ‘fortify_memcpy_chk’, >> inlined from ‘size_entry_mwt’ at net/bridge/netfilter/ebtables.c:2118:2: >> ./include/linux/fortify-string.h:592:25: error: call to ‘__read_overflow2_field’ >> declared with attribute warning: detected read beyond size of field (2nd parameter); >> maybe use struct_group()? [-Werror=attribute-warning] >> 592 | __read_overflow2_field(q_size_field, size); >> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> >> The compiler is complaining: >> >> memcpy(&offsets[1], &entry->watchers_offset, >> sizeof(offsets) - sizeof(offsets[0])); >> >> where memcpy reads beyong &entry->watchers_offset to copy >> {watchers,target,next}_offset altogether into offsets[]. Silence the >> warning by wrapping these three up via struct_group(). >> >> Signed-off-by: GONG, Ruiqi <gongruiqi1@...wei.com> >> --- >> >> v2: fix HDRTEST error by replacing struct_group() with __struct_group(), >> since it's a uapi header. >> >> include/uapi/linux/netfilter_bridge/ebtables.h | 14 ++++++++------ >> net/bridge/netfilter/ebtables.c | 3 +-- >> 2 files changed, 9 insertions(+), 8 deletions(-) >> >> diff --git a/include/uapi/linux/netfilter_bridge/ebtables.h b/include/uapi/linux/netfilter_bridge/ebtables.h >> index a494cf43a755..b0caad82b693 100644 >> --- a/include/uapi/linux/netfilter_bridge/ebtables.h >> +++ b/include/uapi/linux/netfilter_bridge/ebtables.h >> @@ -182,12 +182,14 @@ struct ebt_entry { >> unsigned char sourcemsk[ETH_ALEN]; >> unsigned char destmac[ETH_ALEN]; >> unsigned char destmsk[ETH_ALEN]; >> - /* sizeof ebt_entry + matches */ >> - unsigned int watchers_offset; >> - /* sizeof ebt_entry + matches + watchers */ >> - unsigned int target_offset; >> - /* sizeof ebt_entry + matches + watchers + target */ >> - unsigned int next_offset; >> + __struct_group(/* no tag */, offsets, /* no attrs */, >> + /* sizeof ebt_entry + matches */ >> + unsigned int watchers_offset; >> + /* sizeof ebt_entry + matches + watchers */ >> + unsigned int target_offset; >> + /* sizeof ebt_entry + matches + watchers + target */ >> + unsigned int next_offset; >> + ); >> unsigned char elems[0] __attribute__ ((aligned (__alignof__(struct ebt_replace)))); >> }; Actually, looking at what size_entry_mwt() is doing, I think you probably DO want a tag for this and to use a real structure for the manipulations instead of doing array indexing? I dunno. This is a weird function! :) -Kees >> >> diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c >> index 757ec46fc45a..5ec66b1ebb64 100644 >> --- a/net/bridge/netfilter/ebtables.c >> +++ b/net/bridge/netfilter/ebtables.c >> @@ -2115,8 +2115,7 @@ static int size_entry_mwt(const struct ebt_entry *entry, const unsigned char *ba >> return ret; >> >> offsets[0] = sizeof(struct ebt_entry); /* matches come first */ >> - memcpy(&offsets[1], &entry->watchers_offset, >> - sizeof(offsets) - sizeof(offsets[0])); >> + memcpy(&offsets[1], &entry->offsets, sizeof(offsets) - sizeof(offsets[0])); > ^^^^^^^^^^^^ >You now can replace this ____________________________________| >with just `sizeof(entry->offsets)` > >With that change you can add my >Reviewed-by: Gustavo A. R. Silva <gustavoars@...nel.org> > >Thank you >-- >Gustavo > >> >> if (state->buf_kern_start) { >> buf_start = state->buf_kern_start + state->buf_kern_offset; >> -- >> 2.41.0 >> -- Kees Cook
Powered by blists - more mailing lists