lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Thu, 21 Sep 2017 18:09:55 +0100
From:   Al Viro <viro@...IV.linux.org.uk>
To:     arvind <arvind.yadav.cs@...il.com>
Cc:     gregkh@...uxfoundation.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] debugfs: Add check for module parameter name

On Thu, Sep 21, 2017 at 10:17:46PM +0530, arvind wrote:
> Hi,
> 
> On Thursday 21 September 2017 06:14 PM, Al Viro wrote:
> > On Thu, Sep 21, 2017 at 05:46:54PM +0530, Arvind Yadav wrote:
> > > Here, start_creating() is calling by debugfs_create_dir()
> > > and debugfs_create_automount(). driver can pass name as NULL in
> > > debugfs_create_dir and debugfs_create_automount. So we need to
> > > add check for 'name'.
> > Huh?  "Driver can pass any kind of crap pointer when calling this
> > function, so let's check if that crap happens to be NULL and bail
> > out in that particular case"?  Or am I misreading that?
> Your are correct.
> > 
> > Do you have any in-tree examples, or is that about some out-of-tree
> > code that needs to be saved from itself?
> > 
> Please check "drivers/base/power/opp/debugfs.c"
> 
> static bool opp_debug_create_supplies(struct dev_pm_opp *opp,
>                                       struct opp_table *opp_table,
>                                       struct dentry *pdentry)
> {
>         struct dentry *d;
>         int i;
>         char *name;
> 
>         for (i = 0; i < opp_table->regulator_count; i++) {
>                 name = kasprintf(GFP_KERNEL, "supply-%d", i);
> 
>                 /* Create per-opp directory */
>                 d = debugfs_create_dir(name, pdentry);
> 
>                 kfree(name);

Umm...  Looks like crap, to be honest.  And not just that function -
if anything in there fails to create a file, the thing leaks all
kinds of garbage.

AFAICS, that code has never been tested (and probably not thought
through in the first place) in case of allocation failures.  So
much that an oops might be a mercy - at least then somebody might
consider getting it into sane shape...

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ