Hi, On Wed, 31 Aug 2022, Kees Cook wrote: > For 32-bit systems, it might be possible to wrap lnmsgerr content > lengths beyond SIZE_MAX. Explicitly test for all overflows, and mark the > memcpy() as being unable to internally diagnose overflows. > > This also excludes netlink from the coming runtime bounds check on > memcpy(), since it's an unusual case of open-coded sizing and > allocation. Avoid this future run-time warning: > > memcpy: detected field-spanning write (size 32) of single field "&errmsg->msg" at net/netlink/af_netlink.c:2447 (size 16) > > Cc: Jakub Kicinski <kuba@xxxxxxxxxx> > Cc: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> > Cc: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx> > Cc: Florian Westphal <fw@xxxxxxxxx> > Cc: "David S. Miller" <davem@xxxxxxxxxxxxx> > Cc: Eric Dumazet <edumazet@xxxxxxxxxx> > Cc: Paolo Abeni <pabeni@xxxxxxxxxx> > Cc: syzbot <syzkaller@xxxxxxxxxxxxxxxx> > Cc: netfilter-devel@xxxxxxxxxxxxxxx > Cc: coreteam@xxxxxxxxxxxxx > Cc: netdev@xxxxxxxxxxxxxxx > Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx> > --- > v2: Rebased to -next > v1: https://lore.kernel.org/lkml/20220901030610.1121299-3-keescook@xxxxxxxxxxxx > --- > net/netlink/af_netlink.c | 81 +++++++++++++++++++++++++--------------- > 1 file changed, 51 insertions(+), 30 deletions(-) Could you add back the net/netfilter/ipset/ip_set_core.c part? Thanks! Best regards, Jozsef - E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxx PGP key : https://wigner.hu/~kadlec/pgp_public_key.txt Address : Wigner Research Centre for Physics H-1525 Budapest 114, POB. 49, Hungary
