Date:	Wed, 09 Sep 2015 18:16:42 -0500
From:	Eric Paris <eparis@...hat.com>
To:	Dave Hansen <dave@...1.net>
Cc:	john@...nmccutchan.com, rlove@...ve.org,
	linux-kernel@...r.kernel.org, stable@...r.kernel.org,
	akpm@...ux-foundation.org
Subject: Re: [PATCH] inotify: actually check for invalid bits in
 sys_inotify_add_watch()

Looks fine to me. And usually akpm picks them up these days.

On Wed, 2015-09-09 at 14:59 -0700, Dave Hansen wrote:
> On 06/30/2015 10:36 AM, Dave Hansen wrote:
> > From: Dave Hansen <dave.hansen@...ux.intel.com>
> > 
> > The comment here says that it is checking for invalid bits.  But,
> > the mask is *actually* checking to ensure that _any_ valid bit
> > is set, which is quite different.
> > 
> > Add the actual check which was intended.  Retain the existing
> > check because it actually does something useful: ensure that some
> > inotify bits are being added to the watch.  Plus, this is
> > existing behavior which would be nice to preserve.
> > 
> > I did a quick sniff test that inotify functions and that my
> > 'inotify-tools' package passes 'make check'.
> 
> Did anybody have any comments on this patch?  Who picks up inotify
> patches?
> 
> >  b/fs/notify/inotify/inotify_user.c |    3 +++
> >  1 file changed, 3 insertions(+)
> > 
> > diff -puN fs/notify/inotify/inotify_user.c~inotify-EINVAL-on
> > -invalid-bit fs/notify/inotify/inotify_user.c
> > --- a/fs/notify/inotify/inotify_user.c~inotify-EINVAL-on-invalid
> > -bit	2015-06-26 13:33:30.277219285 -0700
> > +++ b/fs/notify/inotify/inotify_user.c	2015-06-26
> > 13:35:19.026122033 -0700
> > @@ -707,6 +707,9 @@ SYSCALL_DEFINE3(inotify_add_watch, int,
> >  	unsigned flags = 0;
> >  
> >  	/* don't allow invalid bits: we don't want flags set */
> > +	if (unlikely(mask & ~ALL_INOTIFY_BITS))
> > +		return -EINVAL;
> > +	/* require at least one valid bit set in the mask */
> >  	if (unlikely(!(mask & ALL_INOTIFY_BITS)))
> >  		return -EINVAL;
> >  
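Review bot: the new `mask & ~ALL_INOTIFY_BITS` test at the top of the hunk makes inotify_add_watch() return -EINVAL for any caller whose mask has a valid bit plus a stray bit outside ALL_INOTIFY_BITS. Before this change only the retained `!(mask & ALL_INOTIFY_BITS)` check ran, so those calls were accepted. The changelog says the retained check preserves existing behavior but does not mention this user-visible change. With stable@ on Cc, it is worth stating it in the changelog and confirming that rejecting such masks is acceptable for backports. The kept comment "we don't want flags set" is also vague about which bits it means; it could say that bits outside ALL_INOTIFY_BITS are rejected.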
> > _
> > 
> 