lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 01 Dec 2009 16:56:33 +0800
From:	Cong Wang <amwang@...hat.com>
To:	Eric Dumazet <eric.dumazet@...il.com>
CC:	linux-kernel@...r.kernel.org, netdev@...r.kernel.org,
	"David S. Miller" <davem@...emloft.net>
Subject: Re: [Patch] net: fix an array index overflow

Eric Dumazet wrote:
> Amerigo Wang a écrit :
>> Don't use the address of an out-of-boundary element.
>>
>> Maybe this is not harmful at runtime, but it is still
>> good to improve it.
> 
> Why ?
> 
> for (ptr = start; ptr < end; ptr++) {}
> 
> is valid, even if 'end' is 'outside of bounds'
> 
> It also works if start == end.

I knew it's valid, that is why I said it's "not harmful".

> 
>> Signed-off-by: WANG Cong <amwang@...hat.com>
>> Cc: David S. Miller <davem@...emloft.net>
>>
>> ---
>> diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
>> index 57737b8..2669361 100644
>> --- a/net/ipv4/af_inet.c
>> +++ b/net/ipv4/af_inet.c
>> @@ -1586,7 +1586,7 @@ static int __init inet_init(void)
>>  #endif
>>  
>>  	/* Register the socket-side information for inet_create. */
>> -	for (r = &inetsw[0]; r < &inetsw[SOCK_MAX]; ++r)
>> +	for (r = &inetsw[0]; r <= &inetsw[SOCK_MAX-1]; ++r)
>>  		INIT_LIST_HEAD(r);
>>  
>>  	for (q = inetsw_array; q < &inetsw_array[INETSW_ARRAY_LEN]; ++q)
>> --
> 
> I wonder why you want to 'fix' this loop and let following loop unchanged...
> 
> 	for (q = inetsw_array; q < &inetsw_array[INETSW_ARRAY_LEN]; ++q)
> 		inet_register_protosw(q);
> 


Oh, I didn't catch it.

> If this really hurts your eyes, why not using basic loops ?


Yes, definitely this one is better.
Ack.


> 
> diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
> index 7d12c6a..476cda7 100644
> --- a/net/ipv4/af_inet.c
> +++ b/net/ipv4/af_inet.c
> @@ -1540,8 +1540,7 @@ static struct packet_type ip_packet_type __read_mostly = {
>  static int __init inet_init(void)
>  {
>  	struct sk_buff *dummy_skb;
> -	struct inet_protosw *q;
> -	struct list_head *r;
> +	int i;
>  	int rc = -EINVAL;
>  
>  	BUILD_BUG_ON(sizeof(struct inet_skb_parm) > sizeof(dummy_skb->cb));
> @@ -1584,11 +1583,11 @@ static int __init inet_init(void)
>  #endif
>  
>  	/* Register the socket-side information for inet_create. */
> -	for (r = &inetsw[0]; r < &inetsw[SOCK_MAX]; ++r)
> -		INIT_LIST_HEAD(r);
> +	for (i = 0; i < SOCK_MAX; i++)
> +		INIT_LIST_HEAD(&inetsw[i]);
>  
> -	for (q = inetsw_array; q < &inetsw_array[INETSW_ARRAY_LEN]; ++q)
> -		inet_register_protosw(q);
> +	for (i = 0; i < INETSW_ARRAY_LEN; i++)
> +		inet_register_protosw(&inetsw_array[i]);
>  
>  	/*
>  	 *	Set the ARP module up

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ