Re: net: heap-out-of-bounds in sock_setsockopt

2015-12-16 Thread Willem de Bruijn
>
> Hmm, we should exclude the raw socket case, something like the
> following, but I am not sure if the check is too strict or not, also
> not sure if we should return an error for this raw socket case.

No, SOF_TIMESTAMPING_OPT_ID with SOCK_RAW/IPPROTO_TCP is legitimate. It should fall through

Re: net: heap-out-of-bounds in sock_setsockopt

2015-12-16 Thread Eric Dumazet
On Wed, Dec 16, 2015 at 12:22 PM, Cong Wang wrote:
> Hmm, we should exclude the raw socket case, something like the
> following, but I am not sure if the check is too strict or not, also
> not sure if we should return an error for this raw socket case.
>
> diff --git a/net/core/sock.c

Re: net: heap-out-of-bounds in sock_setsockopt

2015-12-16 Thread Cong Wang
On Wed, Dec 16, 2015 at 11:34 AM, Dmitry Vyukov wrote:
> BUG: KASAN: slab-out-of-bounds in sock_setsockopt+0x1284/0x13d0 at
> addr 88006563ec10
> Read of size 4 by task syzkaller_execu/4755
> =
> BUG RAWv6 (Not

net: heap-out-of-bounds in sock_setsockopt

2015-12-16 Thread Dmitry Vyukov
Hello,

The following program triggers heap-out-of-bounds access in sock_setsockopt:

// autogenerated by syzkaller (http://github.com/google/syzkaller)
#include
#include
#include
#include
#include
#include
#include
#define SOF_TIMESTAMPING_OPT_ID (1<<7)
int main() {
int fd =
