Re: [PATCH v2] socket: Provide put_cmsg_whitelist() for constant size copies

From: Kees Cook Date: Wed, 7 Feb 2018 05:36:02 +1100 > Making put_cmsg() inline would help quite a bit with tracking the > builtin_const-ness, and that could speed things up a little bit too. > Would you be opposed to inlining? Nope.

Re: [PATCH v2] socket: Provide put_cmsg_whitelist() for constant size copies

From: Kees Cook Date: Wed, 7 Feb 2018 05:36:02 +1100 > Making put_cmsg() inline would help quite a bit with tracking the > builtin_const-ness, and that could speed things up a little bit too. > Would you be opposed to inlining? Nope.

Re: [PATCH v2] socket: Provide put_cmsg_whitelist() for constant size copies

On Wed, Feb 7, 2018 at 3:19 AM, David Miller wrote: > From: Kees Cook > Date: Tue, 6 Feb 2018 04:31:50 +1100 > >> On Tue, Feb 6, 2018 at 2:03 AM, David Miller wrote: >>> From: Kees Cook >>> Date: Fri, 2 Feb

Re: [PATCH v2] socket: Provide put_cmsg_whitelist() for constant size copies

On Wed, Feb 7, 2018 at 3:19 AM, David Miller wrote: > From: Kees Cook > Date: Tue, 6 Feb 2018 04:31:50 +1100 > >> On Tue, Feb 6, 2018 at 2:03 AM, David Miller wrote: >>> From: Kees Cook >>> Date: Fri, 2 Feb 2018 02:27:49 -0800 >>> @@ -343,6 +343,14 @@ struct ucred { extern int

Re: [PATCH v2] socket: Provide put_cmsg_whitelist() for constant size copies

From: Kees Cook Date: Tue, 6 Feb 2018 04:31:50 +1100 > On Tue, Feb 6, 2018 at 2:03 AM, David Miller wrote: >> From: Kees Cook >> Date: Fri, 2 Feb 2018 02:27:49 -0800 >> >>> @@ -343,6 +343,14 @@ struct ucred { >>> >>> extern

Re: [PATCH v2] socket: Provide put_cmsg_whitelist() for constant size copies

From: Kees Cook Date: Tue, 6 Feb 2018 04:31:50 +1100 > On Tue, Feb 6, 2018 at 2:03 AM, David Miller wrote: >> From: Kees Cook >> Date: Fri, 2 Feb 2018 02:27:49 -0800 >> >>> @@ -343,6 +343,14 @@ struct ucred { >>> >>> extern int move_addr_to_kernel(void __user *uaddr, int ulen, struct >>>

Re: [PATCH v2] socket: Provide put_cmsg_whitelist() for constant size copies

On Tue, Feb 6, 2018 at 2:03 AM, David Miller wrote: > From: Kees Cook > Date: Fri, 2 Feb 2018 02:27:49 -0800 > >> @@ -343,6 +343,14 @@ struct ucred { >> >> extern int move_addr_to_kernel(void __user *uaddr, int ulen, struct >> sockaddr_storage

Re: [PATCH v2] socket: Provide put_cmsg_whitelist() for constant size copies

On Tue, Feb 6, 2018 at 2:03 AM, David Miller wrote: > From: Kees Cook > Date: Fri, 2 Feb 2018 02:27:49 -0800 > >> @@ -343,6 +343,14 @@ struct ucred { >> >> extern int move_addr_to_kernel(void __user *uaddr, int ulen, struct >> sockaddr_storage *kaddr); >> extern int put_cmsg(struct msghdr*,

Re: [PATCH v2] socket: Provide put_cmsg_whitelist() for constant size copies

From: Kees Cook Date: Fri, 2 Feb 2018 02:27:49 -0800 > @@ -343,6 +343,14 @@ struct ucred { > > extern int move_addr_to_kernel(void __user *uaddr, int ulen, struct > sockaddr_storage *kaddr); > extern int put_cmsg(struct msghdr*, int level, int type, int len, void >

Re: [PATCH v2] socket: Provide put_cmsg_whitelist() for constant size copies

From: Kees Cook Date: Fri, 2 Feb 2018 02:27:49 -0800 > @@ -343,6 +343,14 @@ struct ucred { > > extern int move_addr_to_kernel(void __user *uaddr, int ulen, struct > sockaddr_storage *kaddr); > extern int put_cmsg(struct msghdr*, int level, int type, int len, void > *data); > +/* > + *

[PATCH v2] socket: Provide put_cmsg_whitelist() for constant size copies

Most callers of put_cmsg() use a "sizeof(foo)" for the length argument. But within put_cmsg(), the copy_to_user() call is made with a dynamic length, as a result of the cmsg header calculations. This means that hardened usercopy will examine the copy, even though it was technically a fixed size

[PATCH v2] socket: Provide put_cmsg_whitelist() for constant size copies

Most callers of put_cmsg() use a "sizeof(foo)" for the length argument. But within put_cmsg(), the copy_to_user() call is made with a dynamic length, as a result of the cmsg header calculations. This means that hardened usercopy will examine the copy, even though it was technically a fixed size