| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4022661.1732899850@warthog.procyon.org.uk>
Date: Fri, 29 Nov 2024 17:04:10 +0000
From: David Howells <dhowells@...hat.com>
To: Michal Luczaj <mhal@...x.co>
Cc: dhowells@...hat.com, Marcel Holtmann <marcel@...tmann.org>,
Johan Hedberg <johan.hedberg@...il.com>,
Luiz Augusto von Dentz <luiz.dentz@...il.com>,
"David S. Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>, Paolo Abeni <pabeni@...hat.com>,
Simon Horman <horms@...nel.org>,
Marc Dionne <marc.dionne@...istor.com>,
Luiz Augusto von Dentz <luiz.von.dentz@...el.com>,
linux-bluetooth@...r.kernel.org, netdev@...r.kernel.org,
linux-afs@...ts.infradead.org, Jakub Kicinski <kuba@...nel.org>
Subject: Re: [PATCH net v3 3/4] rxrpc: Improve setsockopt() handling of malformed user input
Michal Luczaj <mhal@...x.co> wrote:
> copy_from_sockptr() does not return negative value on error; instead, it
> reports the number of bytes that failed to copy. Since it's deprecated,
> switch to copy_safe_from_sockptr().
>
> Note: Keeping the `optlen != sizeof(unsigned int)` check as
> copy_safe_from_sockptr() by itself would also accept
> optlen > sizeof(unsigned int). Which would allow a more lenient handling
> of inputs.
>
> Fixes: 17926a79320a ("[AF_RXRPC]: Provide secure RxRPC sockets for use by userspace and kernel both")
> Signed-off-by: Michal Luczaj <mhal@...x.co>
Acked-by: David Howells <dhowells@...hat.com>
Powered by blists - more mailing lists