* [PATCH] regulatory: add NULL to alpha2
From: Arik Nemtsov @ 2014-06-11 7:23 UTC (permalink / raw)
To: linux-wireless; +Cc: Luis R. Rodriguez, Eliad Peller
From: Eliad Peller <eliad@wizery.com>
alpha2 is defined as 2-chars array, but is used in multiple
places as string (e.g. with nla_put_string calls), which
might leak kernel data.
Solve it by simply adding an extra char for the NULL
terminator, making such operations safe.
Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
Reviewed-by: Johannes Berg <johannes.berg@intel.com>
---
include/net/regulatory.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/net/regulatory.h b/include/net/regulatory.h
index 2599924..dad7ab2 100644
--- a/include/net/regulatory.h
+++ b/include/net/regulatory.h
@@ -167,7 +167,7 @@ struct ieee80211_reg_rule {
struct ieee80211_regdomain {
struct rcu_head rcu_head;
u32 n_reg_rules;
- char alpha2[2];
+ char alpha2[3];
enum nl80211_dfs_regions dfs_region;
struct ieee80211_reg_rule reg_rules[];
};
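Review bot: the third byte in `char alpha2[3]` only works as a terminator if every path that allocates or fills a struct ieee80211_regdomain leaves alpha2[2] zero, and this hunk changes the declaration alone without documenting that requirement. Suggest a comment on the field saying that alpha2[2] is reserved for the terminating NUL and that copies into the field must stay at two bytes, so a later copy sized with sizeof(alpha2) does not read a third byte from a two-byte source. The commit message also writes "NULL" where the NUL character is meant.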
--
1.9.1
* Re: [PATCH] regulatory: add NULL to alpha2
From: Luis R. Rodriguez @ 2014-06-11 8:30 UTC (permalink / raw)
To: Arik Nemtsov; +Cc: linux-wireless, Eliad Peller
On Wed, Jun 11, 2014 at 12:23 AM, Arik Nemtsov <arik@wizery.com> wrote:
> From: Eliad Peller <eliad@wizery.com>
>
> alpha2 is defined as 2-chars array, but is used in multiple
> places as string (e.g. with nla_put_string calls), which
> might leak kernel data.
>
> Solve it by simply adding an extra char for the NULL
> terminator, making such operations safe.
>
> Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
> Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Acked-by: Luis R. Rodriguez <mcgrof@do-not-panic.com>
Thanks for the patch! Curious how you ended up finding the issue though.
Luis
* Re: [PATCH] regulatory: add NULL to alpha2
From: Eliad Peller @ 2014-06-11 8:39 UTC (permalink / raw)
To: Luis R. Rodriguez; +Cc: Arik Nemtsov, linux-wireless
On Wed, Jun 11, 2014 at 11:30 AM, Luis R. Rodriguez
<mcgrof@do-not-panic.com> wrote:
> On Wed, Jun 11, 2014 at 12:23 AM, Arik Nemtsov <arik@wizery.com> wrote:
>> From: Eliad Peller <eliad@wizery.com>
>>
>> alpha2 is defined as 2-chars array, but is used in multiple
>> places as string (e.g. with nla_put_string calls), which
>> might leak kernel data.
>>
>> Solve it by simply adding an extra char for the NULL
>> terminator, making such operations safe.
>>
>> Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
>> Reviewed-by: Johannes Berg <johannes.berg@intel.com>
>
> Acked-by: Luis R. Rodriguez <mcgrof@do-not-panic.com>
>
> Thanks for the patch! Curious how you ended up finding the issue though.
>
I'm not sure. I think I noticed some crap in hostapd log and looked for it.
Eliad.
* Re: [PATCH] regulatory: add NULL to alpha2
From: Johannes Berg @ 2014-06-23 9:43 UTC (permalink / raw)
To: Arik Nemtsov; +Cc: linux-wireless, Luis R. Rodriguez, Eliad Peller
On Wed, 2014-06-11 at 10:23 +0300, Arik Nemtsov wrote:
> From: Eliad Peller <eliad@wizery.com>
>
> alpha2 is defined as 2-chars array, but is used in multiple
> places as string (e.g. with nla_put_string calls), which
> might leak kernel data.
>
> Solve it by simply adding an extra char for the NULL
> terminator, making such operations safe.
I'm beginning to think that it would make more sense to just not use
nla_put_string()?
johannes
* Re: [PATCH] regulatory: add NULL to alpha2
From: Luis R. Rodriguez @ 2014-06-30 22:23 UTC (permalink / raw)
To: Johannes Berg; +Cc: Arik Nemtsov, linux-wireless, Eliad Peller
On Mon, Jun 23, 2014 at 11:43:06AM +0200, Johannes Berg wrote:
> On Wed, 2014-06-11 at 10:23 +0300, Arik Nemtsov wrote:
> > From: Eliad Peller <eliad@wizery.com>
> >
> > alpha2 is defined as 2-chars array, but is used in multiple
> > places as string (e.g. with nla_put_string calls), which
> > might leak kernel data.
> >
> > Solve it by simply adding an extra char for the NULL
> > terminator, making such operations safe.
>
> I'm beginning to think that it would make more sense to just not use
> nla_put_string()?
If the reason for adding the check was because of a new use case
then yes, but other than that are there other reasons you were
considering?
Luis
* Re: [PATCH] regulatory: add NULL to alpha2
From: Johannes Berg @ 2014-07-21 10:02 UTC (permalink / raw)
To: Luis R. Rodriguez; +Cc: Arik Nemtsov, linux-wireless, Eliad Peller
On Mon, 2014-06-30 at 15:23 -0700, Luis R. Rodriguez wrote:
> On Mon, Jun 23, 2014 at 11:43:06AM +0200, Johannes Berg wrote:
> > On Wed, 2014-06-11 at 10:23 +0300, Arik Nemtsov wrote:
> > > From: Eliad Peller <eliad@wizery.com>
> > >
> > > alpha2 is defined as 2-chars array, but is used in multiple
> > > places as string (e.g. with nla_put_string calls), which
> > > might leak kernel data.
> > >
> > > Solve it by simply adding an extra char for the NULL
> > > terminator, making such operations safe.
> >
> > I'm beginning to think that it would make more sense to just not use
> > nla_put_string()?
>
> If the reason for adding the check was because of a new use case
> then yes, but other than that are there other reasons you were
> considering?
This was never intended to be a string, only 2 characters ... so why use
it with string functions?
johannes
* Re: [PATCH] regulatory: add NULL to alpha2
From: Luis R. Rodriguez @ 2014-07-29 1:26 UTC (permalink / raw)
To: Johannes Berg; +Cc: Arik Nemtsov, linux-wireless, Eliad Peller
On Mon, Jul 21, 2014 at 3:02 AM, Johannes Berg
<johannes@sipsolutions.net> wrote:
> This was never intended to be a string, only 2 characters ... so why use
> it with string functions?
Sure makes sense, the report was not clear so indeed, if userspace can
be fixed that's better to enable consistent use.
Luis
* Re: [PATCH] regulatory: add NULL to alpha2
From: Johannes Berg @ 2014-07-29 6:34 UTC (permalink / raw)
To: Luis R. Rodriguez; +Cc: Arik Nemtsov, linux-wireless, Eliad Peller
On Mon, 2014-07-28 at 18:26 -0700, Luis R. Rodriguez wrote:
> On Mon, Jul 21, 2014 at 3:02 AM, Johannes Berg
> <johannes@sipsolutions.net> wrote:
> > This was never intended to be a string, only 2 characters ... so why use
> > it with string functions?
>
> Sure makes sense, the report was not clear so indeed, if userspace can
> be fixed that's better to enable consistent use.
Sadly, it looks like userspace *is* relying on a NUL-byte (e.g. iw using
nla_get_string()) which would always be there due to padding, but it's
probably better to make it explicit.
johannes
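
The behaviour discussed in this thread, as an added userspace model (not code from the patch or from the kernel): a string-style put sizes the payload with strlen() + 1, so a 2-char array with no terminator sends whatever follows it in memory, while a fixed 2-byte put gets a trailing zero only from attribute padding. The names model_nla_put, string_payload_len and fixed_put_trailing_byte are hypothetical, and the bytes placed after the two alpha2 characters are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NLA_HDRLEN 4                        /* u16 nla_len + u16 nla_type */
#define NLA_ALIGN(len) (((len) + 3u) & ~3u)

/* Model of nla_put(): header, payload, padding zeroed up to 4 bytes.
 * Returns the nla_len field (header + payload, padding excluded). */
static uint16_t model_nla_put(uint8_t *out, size_t len, const void *data)
{
    uint16_t nla_len = (uint16_t)(NLA_HDRLEN + len), type = 1;

    memset(out, 0, NLA_ALIGN(nla_len));
    memcpy(out, &nla_len, 2);
    memcpy(out + 2, &type, 2);
    memcpy(out + NLA_HDRLEN, data, len);
    return nla_len;
}

/* Payload bytes sent by a string-style put (length = strlen + 1) when the
 * two alpha2 chars are followed in memory by `tail`, a constructed
 * stand-in for the neighbouring field. */
size_t string_payload_len(const char *alpha2, const void *tail, size_t tail_len)
{
    char mem[16] = {0};                     /* keeps every read in bounds */
    uint8_t out[32];
    if (tail_len > sizeof(mem) - 3)
        tail_len = sizeof(mem) - 3;         /* always leave a final NUL */
    memcpy(mem, alpha2, 2);
    memcpy(mem + 2, tail, tail_len);
    return (size_t)model_nla_put(out, strlen(mem) + 1, mem) - NLA_HDRLEN;
}

/* Fixed 2-byte put: the byte a reader finds right after the payload. */
int fixed_put_trailing_byte(const char *alpha2)
{
    uint8_t out[8];
    memset(out, 0xff, sizeof(out));         /* the zero must come from padding */
    model_nla_put(out, 2, alpha2);
    return out[NLA_HDRLEN + 2];
}

int main(void)
{
    printf("%zu %zu %d\n", string_payload_len("US", "\x01\x02\x03", 3),
           string_payload_len("US", "\0\x01\x02", 3),
           fixed_put_trailing_byte("US"));
    return 0;
}
```

The first call models the old 2-byte field with non-zero neighbours (three extra bytes go out), the second models the 3-byte field with its explicit terminator, and the third shows the padding zero that a string-style reader would otherwise be depending on.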
* Re: [PATCH] regulatory: add NULL to alpha2
From: Johannes Berg @ 2014-07-29 11:41 UTC (permalink / raw)
To: Arik Nemtsov; +Cc: linux-wireless, Luis R. Rodriguez, Eliad Peller
On Wed, 2014-06-11 at 10:23 +0300, Arik Nemtsov wrote:
> From: Eliad Peller <eliad@wizery.com>
>
> alpha2 is defined as 2-chars array, but is used in multiple
> places as string (e.g. with nla_put_string calls), which
> might leak kernel data.
>
> Solve it by simply adding an extra char for the NULL
> terminator, making such operations safe.
>
> Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
Applied.
johannes