| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 4 Oct 2023 01:40:45 +0200
From: "Gustavo A. R. Silva" <gustavo@...eddedor.com>
To: Kees Cook <keescook@...omium.org>, "David S. Miller" <davem@...emloft.net>
Cc: Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>,
Paolo Abeni <pabeni@...hat.com>, Johannes Berg <johannes.berg@...el.com>,
netdev@...r.kernel.org, "Gustavo A. R. Silva" <gustavoars@...nel.org>,
Nathan Chancellor <nathan@...nel.org>,
Nick Desaulniers <ndesaulniers@...gle.com>, Tom Rix <trix@...hat.com>,
linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org,
llvm@...ts.linux.dev
Subject: Re: [PATCH] netlink: Annotate struct netlink_policy_dump_state with
__counted_by
On 10/4/23 01:21, Kees Cook wrote:
> Prepare for the coming implementation by GCC and Clang of the __counted_by
> attribute. Flexible array members annotated with __counted_by can have
> their accesses bounds-checked at run-time via CONFIG_UBSAN_BOUNDS (for
> array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
> functions).
>
> As found with Coccinelle[1], add __counted_by for struct netlink_policy_dump_state.
>
> Additionally update the size of the usage array length before accessing
> it. This requires remembering the old size for the memset() and later
> assignments.
>
> Cc: "David S. Miller" <davem@...emloft.net>
> Cc: Eric Dumazet <edumazet@...gle.com>
> Cc: Jakub Kicinski <kuba@...nel.org>
> Cc: Paolo Abeni <pabeni@...hat.com>
> Cc: Johannes Berg <johannes.berg@...el.com>
> Cc: netdev@...r.kernel.org
> Link: https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci [1]
> Signed-off-by: Kees Cook <keescook@...omium.org>
Reviewed-by: Gustavo A. R. Silva <gustavoars@...nel.org>
Thanks
--
Gustavo
> ---
> net/netlink/policy.c | 15 ++++++++-------
> 1 file changed, 8 insertions(+), 7 deletions(-)
>
> diff --git a/net/netlink/policy.c b/net/netlink/policy.c
> index 87e3de0fde89..e2f111edf66c 100644
> --- a/net/netlink/policy.c
> +++ b/net/netlink/policy.c
> @@ -21,7 +21,7 @@ struct netlink_policy_dump_state {
> struct {
> const struct nla_policy *policy;
> unsigned int maxtype;
> - } policies[];
> + } policies[] __counted_by(n_alloc);
> };
>
> static int add_policy(struct netlink_policy_dump_state **statep,
> @@ -29,7 +29,7 @@ static int add_policy(struct netlink_policy_dump_state **statep,
> unsigned int maxtype)
> {
> struct netlink_policy_dump_state *state = *statep;
> - unsigned int n_alloc, i;
> + unsigned int old_n_alloc, n_alloc, i;
>
> if (!policy || !maxtype)
> return 0;
> @@ -52,12 +52,13 @@ static int add_policy(struct netlink_policy_dump_state **statep,
> if (!state)
> return -ENOMEM;
>
> - memset(&state->policies[state->n_alloc], 0,
> - flex_array_size(state, policies, n_alloc - state->n_alloc));
> -
> - state->policies[state->n_alloc].policy = policy;
> - state->policies[state->n_alloc].maxtype = maxtype;
> + old_n_alloc = state->n_alloc;
> state->n_alloc = n_alloc;
> + memset(&state->policies[old_n_alloc], 0,
> + flex_array_size(state, policies, n_alloc - old_n_alloc));
> +
> + state->policies[old_n_alloc].policy = policy;
> + state->policies[old_n_alloc].maxtype = maxtype;
> *statep = state;
>
> return 0;
Powered by blists - more mailing lists