From: Jakub Kicinski <kuba@kernel.org>
To: Kees Cook <keescook@chromium.org>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>,
Jozsef Kadlecsik <kadlec@netfilter.org>,
Florian Westphal <fw@strlen.de>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Paolo Abeni <pabeni@redhat.com>,
syzbot <syzkaller@googlegroups.com>,
netfilter-devel@vger.kernel.org, coreteam@netfilter.org,
netdev@vger.kernel.org, Yajun Deng <yajun.deng@linux.dev>,
Oliver Hartkopp <socketcan@hartkopp.net>,
Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>,
linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: Re: [PATCH 2/2] netlink: Bounds-check struct nlmsgerr creation
Date: Wed, 31 Aug 2022 20:20:17 -0700
Message-ID: <20220831202017.69838448@kernel.org>
In-Reply-To: <20220901030610.1121299-3-keescook@chromium.org>

On Wed, 31 Aug 2022 20:06:10 -0700 Kees Cook wrote:
> For 32-bit systems, it might be possible to wrap nlmsgerr content
> lengths beyond SIZE_MAX. Explicitly test for all overflows, and mark the
> memcpy() as being unable to internally diagnose overflows.
>
> This also excludes netlink from the coming runtime bounds check on
> memcpy(), since it's an unusual case of open-coded sizing and
> allocation.

This one you gotta rebase, we just rewrote the af_netlink
part last week :)