From patchwork Sun Dec 17 23:53:30 2017
X-Patchwork-Submitter: Tobin Harding
X-Patchwork-Id: 10118009
From: "Tobin C. Harding"
To: kernel-hardening@lists.openwall.com
Cc: "Tobin C. Harding", Steven Rostedt, Tycho Andersen, Linus Torvalds, Kees Cook, Andrew Morton, Daniel Borkmann, Masahiro Yamada, Alexei Starovoitov, linux-kernel@vger.kernel.org, Network Development
Date: Mon, 18 Dec 2017 10:53:30 +1100
Message-Id: <1513554812-13014-2-git-send-email-me@tobin.cc>
In-Reply-To: <1513554812-13014-1-git-send-email-me@tobin.cc>
References: <1513554812-13014-1-git-send-email-me@tobin.cc>
Subject: [kernel-hardening] [PATCH 1/3] kallsyms: don't leak address when symbol not found

Currently if kallsyms_lookup() fails to find the symbol then the address is printed. This potentially leaks sensitive information. Instead of printing the address we can return an error, giving the calling code the option to print the address or print some sanitized message.

Return error instead of printing address to argument buffer. Leave buffer in a sane state.

Signed-off-by: Tobin C. Harding
---
 kernel/kallsyms.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/kernel/kallsyms.c b/kernel/kallsyms.c index d5fa4116688a..23b9336c1461 100644 --- a/kernel/kallsyms.c +++ b/kernel/kallsyms.c
@@ -394,8 +394,10 @@ static int __sprint_symbol(char *buffer, unsigned long address, address += symbol_offset; name = kallsyms_lookup(address, &size, &offset, &modname, buffer); - if (!name) - return sprintf(buffer, "0x%lx", address - symbol_offset); + if (!name) { + buffer[0] = '\0'; + return -1; + } if (name != buffer) strcpy(buffer, name);
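
Review bot: In the new "if (!name)" branch, "return -1;" changes what __sprint_symbol() returns on a failed lookup from a character count (the removed path returned the sprintf() result) to a negative value, and nothing in the hunk documents that. Any caller that uses the return value as a length, for example by adding it to a buffer offset, would now step backwards instead of advancing, so each caller has to check for a negative return before using it; this patch changes only kernel/kallsyms.c, so that needs to be covered elsewhere in the series. Consider returning a named errno such as -ENOENT rather than a bare -1, and add a comment above the function stating the return values and that the buffer is left as an empty string on failure.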