Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Fri, 21 Jun 2019 12:54:34 +0200
From: Romain Perier <romain.perier@...il.com>
To: Kees Cook <keescook@...omium.org>
Cc: Kernel Hardening <kernel-hardening@...ts.openwall.com>
Subject: Re: Audit and fix all misuse of NLA_STRING: STATUS

Hi!

Yeah, I have found some inconsistencies, but I am not 100% sure for
all of these. I will double check and review the code closely.
I keep you in touch.

Regards,
Romain

Le jeu. 20 juin 2019 à 18:15, Kees Cook <keescook@...omium.org> a écrit :
>
> On Tue, Jun 18, 2019 at 07:56:42PM +0200, Romain Perier wrote:
> > Hi !
> >
> > Here a first review, you can get the complete list here:
> >
> > https://salsa.debian.org/rperier-guest/linux-tree/raw/next/STATUS
>
> Cool! You identified three issues:
>
> net/netfilter/nfnetlink_cthelper.c:
>         NF_CT_HELPER_NAME_LEN is used instead of NF_CT_EXP_POLICY_NAME_LEN
>
> net/netfilter/ipset/ip_set_list_set.c:
>         IPSET_ATTR_NAME and IPSET_ATTR_NAMEREF both have a len of
>         IPSET_MAXNAMELEN for a string of size IPSET_MAXNAMELEN
>
> net/openvswitch/conntrack.c:
>         maxlen of NF_CT_HELPER_NAME_LEN with a string of size
>         NF_CT_HELPER_NAME_LEN. maxlen of CTNL_TIMEOUT_NAME_MAX with a
>         string of size CTNL_TIMEOUT_NAME_MAX
>
> I haven't looked closely at this myself yet, but I think the next step
> would be to write patches for each of these. And while doing that, have
> an eye toward thinking about how each case could be made more robust in
> the future to avoid these kinds of flaws returning.
>
> Nice!
>
> --
> Kees Cook

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.