Re: [PATCH v4] net: don't call strlen() on the user buffer in packet_bind_spkt()
From: Alexander Potapenko
Date: Wed, 1 Mar 2017 12:57:20 +0100

> KMSAN (KernelMemorySanitizer, a new error detection tool) reports use of
> uninitialized memory in packet_bind_spkt():
...
> This happens because addr.sa_data copied from the userspace is not
> zero-terminated, and copying it with strlcpy() in packet_bind_spkt()
> results in calling strlen() on the kernel copy of that non-terminated
> buffer.
>
> Signed-off-by: Alexander Potapenko
> ---
> Changes since v3:
>  - addressed comments by Eric Dumazet (avoid using constants,
>    use memcpy() instead of strncpy())

Applied and queued up for -stable.
Re: [PATCH v4] net: don't call strlen() on the user buffer in packet_bind_spkt()
On Wed, Mar 1, 2017 at 3:57 AM, Alexander Potapenko wrote:
> This happens because addr.sa_data copied from the userspace is not
> zero-terminated, and copying it with strlcpy() in packet_bind_spkt()
> results in calling strlen() on the kernel copy of that non-terminated
> buffer.

Very similar to

commit b301f2538759933cf9ff1f7c4f968da72e3f0757
Author: Pablo Neira Ayuso
Date:   Thu Mar 24 21:29:53 2016 +0100

    netfilter: x_tables: enforce nul-terminated table name from getsockopt GET_ENTRIES
Re: [PATCH v4] net: don't call strlen() on the user buffer in packet_bind_spkt()
On Wed, 2017-03-01 at 12:57 +0100, Alexander Potapenko wrote:
> KMSAN (KernelMemorySanitizer, a new error detection tool) reports use of
> uninitialized memory in packet_bind_spkt():
...
> Signed-off-by: Alexander Potapenko
> ---
> Changes since v3:
>  - addressed comments by Eric Dumazet (avoid using constants,
>    use memcpy() instead of strncpy())
> ---

Acked-by: Eric Dumazet
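Added example, not part of the thread and not the kernel patch itself: a userspace model of why strlcpy() over-reads a non-terminated sa_data copy, next to the memcpy()-plus-terminator approach the changelog mentions. The names model_strlcpy, fill_from_user and MEM_LEN, and the '?' filler bytes, are hypothetical and constructed for the demonstration.

```c
#include <stdio.h>
#include <string.h>
#define SA_DATA_LEN 14                 /* size of sockaddr.sa_data */
#define MEM_LEN (SA_DATA_LEN + 8)      /* constructed: plus 8 neighbouring bytes */

/* Constructed stand-in for the kernel copy: 14 caller bytes, then neighbours
 * (uninitialized in the kernel; here '?' and a final NUL to stay defined). */
static void fill_from_user(char mem[MEM_LEN], const char *user)
{
    memset(mem, '?', MEM_LEN - 1);
    mem[MEM_LEN - 1] = '\0';
    memcpy(mem, user, SA_DATA_LEN);    /* models copy_from_user() */
}

/* Model of strlcpy(): measures the whole source with strlen() first. */
static size_t model_strlcpy(char *dst, const char *src, size_t size)
{
    size_t ret = strlen(src);          /* unbounded read of the source */
    size_t len = ret >= size ? size - 1 : ret;   /* callers pass size > 0 */
    memcpy(dst, src, len);
    dst[len] = '\0';
    return ret;
}

/* Before: bytes strlen() scanned; anything above 14 lies past sa_data. */
size_t strlcpy_scanned_len(const char *user)
{
    char mem[MEM_LEN], name[SA_DATA_LEN + 1];
    fill_from_user(mem, user);
    return model_strlcpy(name, mem, sizeof(name));
}

/* After: bounded memcpy() plus explicit NUL; the source is never measured. */
size_t bind_name_fixed(const char *user, char name[SA_DATA_LEN + 1])
{
    char mem[MEM_LEN];
    fill_from_user(mem, user);
    memcpy(name, mem, SA_DATA_LEN);
    name[SA_DATA_LEN] = '\0';
    return strlen(name);
}

int main(void)
{
    char full[SA_DATA_LEN], name[SA_DATA_LEN + 1];
    memset(full, 'A', sizeof(full));   /* constructed input with no NUL */
    printf("strlcpy scanned %zu bytes\n", strlcpy_scanned_len(full));
    printf("fixed name length %zu\n", bind_name_fixed(full, name));
}
```

In the kernel the bytes after sa_data are whatever was on the stack, so the scan length (and whether it terminates inside the frame) is not predictable; that read is what KMSAN flags.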