| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 18 May 2007 12:53:48 +0100 From: Richard Purdie <richard@...nedhand.com> To: Nitin Gupta <nitingupta910@...il.com> Cc: Heikki Orsila <shdl@...alwe.fi>, linux-kernel@...r.kernel.org, "Markus F.X.J. Oberhumer" <markus@...rhumer.com> Subject: Re: [RFC] LZO1X de/compression support On Fri, 2007-05-18 at 16:57 +0530, Nitin Gupta wrote: > On 5/18/07, Heikki Orsila <shdl@...alwe.fi> wrote: > > Good work.. > > > > On Fri, May 18, 2007 at 03:28:31PM +0530, Nitin Gupta wrote: > > > Facts for LZO (at least for original code. Should hold true for this > > > port also - hence the RFC!): > > > - The compressor can never overrun buffer. > > > - The "non-safe" version of decompressor can never overrun buffer if > > > compressed data is unmodified. I am not sure about this if compressed > > > data is malicious (to be confirmed from the author). > > > - The "safe" version can never crash (buffer overrun etc.) - confirmed > > > from the author. > > > > What's the proof? > > I confirmned these from the author - I just ported this code. I think > he can answer you better - CC'ed him :-) The thing is this is more your code now, not his and you should be able to answer this question... Regards, Richard - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists