| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 5 Feb 2014 18:42:45 +0100 From: Oleg Nesterov <oleg@...hat.com> To: Denys Vlasenko <dvlasenk@...hat.com> Cc: linux-kernel@...r.kernel.org, Al Viro <viro@...iv.linux.org.uk>, Jan Kratochvil <jan.kratochvil@...hat.com>, Amerigo Wang <amwang@...hat.com>, "Jonathan M. Foote" <jmfoote@...t.org>, Roland McGrath <roland@...k.frob.com>, Pedro Alves <palves@...hat.com>, Fengguang Wu <fengguang.wu@...el.com>, Stephen Rothwell <sfr@...b.auug.org.au> Subject: Re: [PATCH] fs: fix d_path() with zero-length input buffer On 02/05, Denys Vlasenko wrote: > > In prepend_name(), *buflen < dlen + 1 comparison is buggy > because dlen has unsigned data type, and we can reach this location > with *buflen == -1. because, say, path_with_deleted() doesn't check the result of prepend(), and prepend() updates *buflen unconditionally. I am wondering if it should be changed too just for consistency. > --- a/fs/dcache.c > +++ b/fs/dcache.c > @@ -2833,7 +2833,7 @@ static int prepend_name(char **buffer, int *buflen, struct qstr *name) > u32 dlen = ACCESS_ONCE(name->len); > char *p; > > - if (*buflen < dlen + 1) > + if (*buflen < (int)dlen + 1) perhaps it would be better to simply make dlen "int" ? Oleg. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists