From: Sargun Dhillon <sargun@sargun.me>
To: LKML <linux-kernel@vger.kernel.org>
Cc: Christian Brauner <christian.brauner@ubuntu.com>,
Aleksa Sarai <cyphar@cyphar.com>,
Sargun Dhillon <sargun@sargun.me>,
Tycho Andersen <tycho@tycho.ws>,
Kees Cook <keescook@chromium.org>
Subject: [PATCH] samples/seccomp: Zero out datastructures based on seccomp_notif_sizes
Date: Mon, 30 Dec 2019 12:35:03 -0800 [thread overview]
Message-ID: <20191230203503.4925-1-sargun@sargun.me> (raw)
The sizes by which seccomp_notif and seccomp_notif_resp are allocated are
based on the SECCOMP_GET_NOTIF_SIZES ioctl. This allows for graceful
extension of these datastructures. If userspace zeroes out the
datastructure based on its version, and it is lagging behind the kernel's
version, it will end up sending trailing garbage. On the other hand,
if it is ahead of the kernel version, it will write extra zero space,
and potentially cause corruption.
Signed-off-by: Sargun Dhillon <sargun@sargun.me>
Suggested-by: Tycho Andersen <tycho@tycho.ws>
Cc: Kees Cook <keescook@chromium.org>
---
samples/seccomp/user-trap.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/samples/seccomp/user-trap.c b/samples/seccomp/user-trap.c
index 3e31ec0cf4a5..20291ec6489f 100644
--- a/samples/seccomp/user-trap.c
+++ b/samples/seccomp/user-trap.c
@@ -302,10 +302,10 @@ int main(void)
resp = malloc(sizes.seccomp_notif_resp);
if (!resp)
goto out_req;
- memset(resp, 0, sizeof(*resp));
+ memset(resp, 0, sizes.seccomp_notif_resp);
while (1) {
- memset(req, 0, sizeof(*req));
+ memset(req, 0, sizes.seccomp_notif);
if (ioctl(listener, SECCOMP_IOCTL_NOTIF_RECV, req)) {
perror("ioctl recv");
goto out_resp;
--
2.20.1
next reply other threads:[~2019-12-30 20:36 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-30 20:35 Sargun Dhillon [this message]
2019-12-30 22:02 ` [PATCH] samples/seccomp: Zero out datastructures based on seccomp_notif_sizes Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191230203503.4925-1-sargun@sargun.me \
--to=sargun@sargun.me \
--cc=christian.brauner@ubuntu.com \
--cc=cyphar@cyphar.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=tycho@tycho.ws \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.