KASAN: slab-out-of-bounds Read in strcmp
Tetsuo Handa
penguin-kernel at I-love.SAKURA.ne.jp
Mon Dec 4 10:49:10 UTC 2017
Tetsuo Handa wrote:
> James Morris wrote:
> > On Sun, 3 Dec 2017, Tetsuo Handa wrote:
> >
> > > Tetsuo Handa wrote:
> > > > which will allow strcmp() to trigger out of bound read when "size" is
> > > > larger than strlen(initial_sid_to_string[i]).
> > >
> > > Oops. "smaller" than.
> > >
> > > >
> > > > Thus, I guess the simplest fix is to use strncmp() instead of strcmp().
> > >
> > > Can somebody test below patch? (My CentOS 7 environment does not support
> > > enabling SELinux in linux.git . Userspace tool is too old to support?)
> >
> > You mean enabling KASAN? Yep, you need gcc 4.9.2 or better. Recent
> > Fedora has it.
>
> I was not able to find "SELinux: Initializing." line for some reason, and
> it turned out that I just forgot to run "make install". ;-)
>
> I tested using debug printk() and init for built-in initramfs shown below.
> It is strange that KASAN does not trigger upon strcmp()ing
> initial_sid_to_string[1]. But anyway, my patch fixes this problem.
Sorry for noise. It was just initial_sid_to_string[10] which compared the second byte.
Thus, nothing is strange.
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
More information about the Linux-security-module-archive
mailing list