| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 03 Dec 2008 10:19:01 -0600
From: James Bottomley <James.Bottomley@...senPartnership.com>
To: roel kluin <roel.kluin@...il.com>
Cc: linux-scsi@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] [SCSI] libsas: fix test for negative unsigned and typos
On Sat, 2008-11-29 at 11:31 -0500, roel kluin wrote:
> unsigned req->data_len cannot be negative, and fix typo
>
> Signed-off-by: Roel Kluin <roel.kluin@...il.com>
> ---
> I am not sure whether this is what was intended, please review.
I think it was. The fix looks like we need it. However:
> diff --git a/drivers/scsi/libsas/sas_host_smp.c b/drivers/scsi/libsas/sas_host_smp.c
> index 16f9312..6eb0779 100644
> --- a/drivers/scsi/libsas/sas_host_smp.c
> +++ b/drivers/scsi/libsas/sas_host_smp.c
> @@ -199,12 +199,12 @@ int sas_smp_host_handler(struct Scsi_Host *shost, struct request *req,
> break;
>
> case SMP_DISCOVER:
> - req->data_len =- 16;
> - if (req->data_len < 0) {
> + if (req->data_len < 15) {
> req->data_len = 0;
> error = -EINVAL;
> goto out;
> }
What I don't like about this code is the magic numbers for lengths.
This patch now doubles them (and makes them even more magic by having <
n-1). How about fixing it like this instead:
if ((int)req->data_len < 0) {
...
That way the signed comparison just works if there was a negative
overflow?
Thanks,
James
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists