| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20241117045512.111515-1-chensong_2000@189.cn>
Date: Sun, 17 Nov 2024 12:55:12 +0800
From: Song Chen <chensong_2000@....cn>
To: davem@...emloft.net,
edumazet@...gle.com,
kuba@...nel.org,
pabeni@...hat.com,
kory.maincent@...tlin.com,
aleksander.lobakin@...el.com,
willemb@...gle.com
Cc: netdev@...r.kernel.org,
linux-kernel@...r.kernel.org,
Song Chen <chensong_2000@....cn>
Subject: [PATCH] net/core/dev_ioctl: avoid invoking modprobe with empty ifr_name
dev_ioctl handles requests from user space if a process calls
ioctl(sockfd, SIOCGIFINDEX, &ifr). However, if this user space
process doesn't have interface name well specified, dev_ioctl
doesn't give it an essential check, as a result, dev_load will
invoke modprobe with a nonsense module name if the user happens
to be sys admin or root, see following code in dev_load:
no_module = !dev;
if (no_module && capable(CAP_NET_ADMIN))
no_module = request_module("netdev-%s", name);
if (no_module && capable(CAP_SYS_MODULE))
request_module("%s", name);
This patch checks if ifr_name is empty at the beginning, reduces
the overhead of calling modprobe.
Signed-off-by: Song Chen <chensong_2000@....cn>
---
net/core/dev_ioctl.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/core/dev_ioctl.c b/net/core/dev_ioctl.c
index 473c437b6b53..1371269f17d5 100644
--- a/net/core/dev_ioctl.c
+++ b/net/core/dev_ioctl.c
@@ -676,6 +676,9 @@ int dev_ioctl(struct net *net, unsigned int cmd, struct ifreq *ifr,
if (cmd == SIOCGIFNAME)
return dev_ifname(net, ifr);
+ if (ifr->ifr_name[0] == '\0')
+ return -EINVAL;
+
ifr->ifr_name[IFNAMSIZ-1] = 0;
colon = strchr(ifr->ifr_name, ':');
--
2.25.1
Powered by blists - more mailing lists