Re: [EXTERNAL] Re: Potential bug in gpiolib-cdev.c in v1 notification about line info changes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Wed, Jun 16, 2021 at 09:24:01PM +0000, Gabriel Knezek wrote:
> > 
> > Looks like a bug to me too - well spotted :(.
> > 
> > > We wanted to get your thoughts on if you feel this is actually a bug, or if we
> > overlooked something.
> > > We're proposing to fix this issue by memsetting the entire structure to zero
> > before calling the conversion routine; if you agree that that's a valid
> > approach, I'm happy to submit an official patch.
> > >
> > 
> > Go for it.
> > I'd zero the padding in the conversion routine myself, but zeroing the whole
> > struct in the same routine as the copy_to_user(), as you suggest, would more
> > clearly demonstrate that it isn't leaking stack.
> 
> Sounds good. I'll send out the patch shortly.
> Do you think I should CC: security@xxxxxxxxxx on the patch?
> 

Not totally clear on the procedure myself, and give this is a potential
security issue, you probably should've gone there first, or mailed the
maintainers privately rather than going straight to the list?
For that matter, I probably should've replied privately rather than
confirming the bug on the list.  But that horse has bolted.

I'd expect the maintainers to promptly direct the patch to the appropriate
channels, though forwarding a copy to security@xxxxxxxxxx probably
couldn't hurt.

Thanks again for spotting this one - I'm still kicking myself for
missing it.

Cheers,
Kent.
[Index of Archives]     [Linux SPI]     [Linux Kernel]     [Linux ARM (vger)]     [Linux ARM MSM]     [Linux Omap]     [Linux Arm]     [Linux Tegra]     [Fedora ARM]     [Linux for Samsung SOC]     [eCos]     [Linux Fastboot]     [Gcc Help]     [Git]     [DCCP]     [IETF Announce]     [Security]     [Linux MIPS]     [Yosemite Campsites]

  Powered by Linux