Date:	Wed, 14 Apr 2010 07:40:00 -0700
From:	"Justin P. mattock" <justinmattock@...il.com>
To:	Joe Perches <joe@...ches.com>
CC:	Eric Paris <eparis@...hat.com>, linux-kernel@...r.kernel.org
Subject: Re: [REGRESSION PATCH] vsprintf: increase sizeof precision in printf_spec

On 04/13/2010 08:01 PM, Joe Perches wrote:
> On Tue, 2010-04-13 at 22:44 -0400, Eric Paris wrote:
>> On Tue, 2010-04-13 at 18:33 -0700, Joe Perches wrote:
>>> On Tue, 2010-04-13 at 21:13 -0400, Eric Paris wrote:
>>>> Patch ef0658f3de484bf9b173639cd47544584e01efa5 changed the precision field
>>>> from an int to an s8.  Problem is that we have code which uses a much larger
>>>> precision in the kernel.  An example would be in the audit code where we have:
>>>>
>>>> vsnprintf(...,..., " msg='%.1024s'", (char *)data);
>>>>
>>>> which causes precision to be too large and end up truncating to nothing.
>>>> Raising the size of the precision fixes the audit system issue.  It also does
>>>> not affect the alignment of the struct according to pahole and is still
>>>> appropriately packed.
>>>
>>> I don't see how it could be appropriately packed.
>>
>> I was just saying there was no padding inside the struct, although you
>> are right about it now being longer than 64.
>
> Which is bad.
>
>> But what does __attribute__((packed)) buy us?
>
> It could force the size to be 64 bits on more platforms.
>
>> I'll gladly resend with u8 type and s16 precision if that's the best
>> solution.
>
> Reordering struct members to keep width and precision
> together seems appropriate.  The attribute may not be.
>
> struct printf_spec {
> 	u8 type;
> 	u8 flags;		/* flags to number() */
> 	u8 base;
> 	u8 qualifier;
> 	s16 field_width;	/* width of output field */
> 	s16 precision;		/* # of digits/chars */
> };
>
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/
>


O.k., just added this patch from the first post,
and the AVCs look complete. (I'll keep an eye on
nscd to make sure those AVCs are complete as well.)

Looks good over here.

Justin P. Mattock
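
An added illustration, not code from this thread or from the kernel: a userspace C model of why the audit format `%.1024s` emitted nothing once precision was stored in an s8, and why the reordered struct quoted above stays at 8 bytes. The names `printf_spec_s16`, `parse_precision`, `emitted_len`, `len_with_s8`, `len_with_s16` and the sample payload are hypothetical; `stdint.h` types stand in for the kernel's `u8`/`s8`/`s16`.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Reordered layout quoted in the thread: 4 x u8 + 2 x s16 = 8 bytes. */
struct printf_spec_s16 {
	uint8_t type, flags, base, qualifier;
	int16_t field_width, precision;
};

/* Simplified stand-in for the format parser: digits after "%." as an int. */
static int parse_precision(const char *fmt)
{
	const char *p = strstr(fmt, "%.");
	int n = 0;
	if (!p) return -1;	/* no precision given: no limit */
	for (p += 2; *p >= '0' && *p <= '9'; p++)
		n = n * 10 + (*p - '0');
	return n;
}

/* Chars a %.Ns conversion emits for s; negative precision means no limit. */
static size_t emitted_len(const char *s, int precision)
{
	return (precision >= 0 && (size_t)precision < strlen(s)) ? (size_t)precision : strlen(s);
}

/* Precision narrowed to s8: 1024 (0x400) keeps only its low byte, 0.
 * The conversion is implementation-defined; gcc and clang wrap modulo 256. */
size_t len_with_s8(const char *fmt, const char *s)
{
	int8_t precision = (int8_t)parse_precision(fmt);
	return emitted_len(s, precision);
}

/* Precision held in the s16 field of the reordered struct. */
size_t len_with_s16(const char *fmt, const char *s)
{
	struct printf_spec_s16 spec = { .precision = (int16_t)parse_precision(fmt) };
	return emitted_len(s, spec.precision);
}

int main(void)
{
	const char *fmt = " msg='%.1024s'";	/* format string from the thread */
	const char *data = "constructed audit payload";	/* constructed sample */
	printf("s8: %zu chars, s16: %zu chars, sizeof(spec): %zu\n", len_with_s8(fmt, data),
	       len_with_s16(fmt, data), sizeof(struct printf_spec_s16));
	return 0;
}
```

With the s8 field the audit message body comes out empty, which matches the incomplete AVC records the regression produced; the s16 field keeps the full string.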