From: Vlad Yasevich <vyasevic@redhat.com>
To: David Miller <davem@davemloft.net>
Cc: linux@roeck-us.net, netdev@vger.kernel.org,
linux-sctp@vger.kernel.org, vyasevich@gmail.com, sri@us.ibm.com,
nhorman@tuxdriver.com
Subject: Re: [PATCH] net/sctp: Validate parameter size for SCTP_GET_ASSOC_STATS control message
Date: Wed, 27 Feb 2013 15:58:04 -0500 [thread overview]
Message-ID: <512E735C.10600@redhat.com> (raw)
In-Reply-To: <20130227.153344.2178498124458359369.davem@davemloft.net>
On 02/27/2013 03:33 PM, David Miller wrote:
> From: Guenter Roeck <linux@roeck-us.net>
> Date: Wed, 27 Feb 2013 11:43:51 -0800
>
>> Building sctp may fail with:
>>
>> In function ‘copy_from_user’,
>> inlined from ‘sctp_getsockopt_assoc_stats’ at
>> net/sctp/socket.c:5656:20:
>> arch/x86/include/asm/uaccess_32.h:211:26: error: call to
>> ‘copy_from_user_overflow’ declared with attribute error: copy_from_user()
>> buffer size is not provably correct
>>
>> if built with W=1 due to a missing parameter size validation.
>>
>> Signed-off-by: Guenter Roeck <linux@roeck-us.net>
>
> This change is correct, but please fix this by simply moving the:
>
> /* Allow the struct to grow and fill in as much as possible */
> len = min_t(size_t, len, sizeof(sas));
>
> line higher up in the function.
>
> And I also prefer this because:
>
> something testing sizeof(foo);
> if (copy_from_user(..., ..., sizeof(foo)))
>
> must easier to audit and validate, especially in patch form.
>
> Otherwise I have to bring the code into an editor and read the whole
> function just to make sure you got the type correct.
Right. In this particular case, we are after a very small portion of
user data (just the association id) and copying the entire structure is
rather pointless.
A nicer solution here would be to do this:
if (copy_from_user(&sas, optval, sizeof(sctp_assoc_t))
We are already guaranteed that much space and we make sure that we don't
overwrite the kernel stack.
-vlad
prev parent reply other threads:[~2013-02-27 20:58 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-02-27 19:43 [PATCH] net/sctp: Validate parameter size for SCTP_GET_ASSOC_STATS control message Guenter Roeck
2013-02-27 20:09 ` Neil Horman
2013-02-27 20:22 ` David Miller
2013-02-27 20:22 ` Guenter Roeck
2013-02-27 20:37 ` Vlad Yasevich
2013-02-27 20:43 ` Neil Horman
2013-02-27 20:33 ` David Miller
2013-02-27 20:58 ` Vlad Yasevich [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=512E735C.10600@redhat.com \
--to=vyasevic@redhat.com \
--cc=davem@davemloft.net \
--cc=linux-sctp@vger.kernel.org \
--cc=linux@roeck-us.net \
--cc=netdev@vger.kernel.org \
--cc=nhorman@tuxdriver.com \
--cc=sri@us.ibm.com \
--cc=vyasevich@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).