lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20231016132123.50094c45@kernel.org>
Date: Mon, 16 Oct 2023 13:21:23 -0700
From: Jakub Kicinski <kuba@...nel.org>
To: davem@...emloft.net
Cc: netdev@...r.kernel.org, edumazet@...gle.com, pabeni@...hat.com,
 daniel@...earbox.net, opurdila@...acom.com
Subject: Re: [PATCH net 1/5] net: fix ifname in netlink ntf during netns
 move

On Mon, 16 Oct 2023 13:16:53 -0700 Jakub Kicinski wrote:
> +static int dev_prep_valid_name(struct net *net, struct net_device *dev,
> +			       const char *want_name, char *out_name)

> +	if (strchr(want_name, '%')) {
> +		ret = __dev_alloc_name(net, want_name, out_name);
> +		return ret < 0 ? ret : 0;

> -	if (strchr(name, '%'))
> -		return dev_alloc_name_ns(net, dev, name);
> -	else if (netdev_name_in_use(net, name))
> -		return -EEXIST;
> -	else if (dev->name != name)
> -		strscpy(dev->name, name, IFNAMSIZ);
> -
> -	return 0;
> +	return dev_prep_valid_name(net, dev, name, dev->name);

Humpf, this is not right. IDK what magic seeing something on the ML
has but I looked at this 3 times, and the moment I see it on the list
I immediately realize that the dev_alloc_name_ns() -> __dev_alloc_name()
conversion here is not really exact. We need to go thru a temp buffer
like dev_alloc_name_ns() does, because for whatever reason
__dev_alloc_name_ns() uses its input argument as a scratch buffer.
So if we pass dev->name directly and it fails the name will be
scrambled.
-- 
pw-bot: cr

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ