| Field | Value | Date |
|---|---|---|
| author | David S. Miller <davem@davemloft.net> | 2010-11-10 10:38:24 -0800 |
| committer | Paul Gortmaker <paul.gortmaker@windriver.com> | 2011-04-17 16:16:01 -0400 |
| commit | 9e7e10466fee07044f7357055eb203642647ec39 | |
| tree | 0e2bf98c618df2e63ebbabf01a97a88a4ff9ce2f /net/unix/af_unix.c | |
| parent | 3bdf85c28cb158e4369145edf9893e29f3f256b0 | |
filter: make sure filters dont read uninitialized memory

commit 57fe93b374a6b8711995c2d466c502af9f3a08bb upstream

There is a possibility malicious users can get limited information about
uninitialized stack mem array. Even if sk_run_filter() result is bound
to packet length (0 .. 65535), we could imagine this can be used by
hostile user.

Initializing mem[] array, like Dan Rosenberg suggested in his patch, is
expensive since most filters don't even use this array.

It's hard to make the filter validation in sk_chk_filter(), because of
the jumps. This might be done later.

In this patch, I use a bitmap (a single long var) so that only filters
using mem[] loads/stores pay the price of added security checks.

For other filters, additional cost is a single instruction.

[ Since we access fentry->k a lot now, cache it in a local variable
and mark filter entry pointer as const. -DaveM ]

Reported-by: Dan Rosenberg <drosenberg@vsecurity.com>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
Diffstat (limited to 'net/unix/af_unix.c')
0 files changed, 0 insertions, 0 deletions
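
The bitmap approach described in the commit message, sketched as a toy filter interpreter. This is an added example, not the kernel's sk_run_filter() code and not part of this commit: the opcode names, `struct insn` and `run_filter()` are hypothetical, and treating a load from a never-written slot as 0 is an assumption of this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MEMWORDS 16 /* scratch slots; classic BPF defines BPF_MEMWORDS as 16 */

/* Hypothetical toy opcodes, not the kernel's BPF encoding. */
enum op { OP_LD_IMM, OP_ST, OP_LD_MEM, OP_RET_A };
struct insn { enum op code; uint32_t k; };

/* Returns the accumulator at OP_RET_A, or 0 for a malformed program. */
uint32_t run_filter(const struct insn *prog, size_t len)
{
    uint32_t mem[MEMWORDS];     /* deliberately not zeroed: that is the cost being avoided */
    unsigned long memvalid = 0; /* bit k set <=> mem[k] has been stored to */
    uint32_t A = 0;

    for (size_t pc = 0; pc < len; pc++) {
        const struct insn *f = &prog[pc];
        const uint32_t k = f->k; /* cached, as the commit message notes */

        switch (f->code) {
        case OP_LD_IMM:
            A = k;
            break;
        case OP_ST:
            if (k >= MEMWORDS) return 0;
            memvalid |= 1UL << k; /* record that the slot now holds filter data */
            mem[k] = A;
            break;
        case OP_LD_MEM:
            if (k >= MEMWORDS) return 0;
            /* Only slots the filter wrote itself are readable; stale stack
             * contents never reach the accumulator (assumed fallback: 0). */
            A = (memvalid & (1UL << k)) ? mem[k] : 0;
            break;
        case OP_RET_A:
            return A;
        }
    }
    return 0;
}

int main(void)
{
    /* Constructed program: reads slot 3 without ever storing to it. */
    const struct insn leak[] = { { OP_LD_MEM, 3 }, { OP_RET_A, 0 } };
    printf("unwritten slot reads as %u\n", (unsigned)run_filter(leak, 2));
    return 0;
}
```

A filter that never touches `mem[]` pays only for the `memvalid = 0` initialization, which matches the "single instruction" cost the commit message mentions.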