lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 1 Feb 2018 10:14:29 +0000
From:   David Laight <David.Laight@...LAB.COM>
To:     "'Gustavo A. R. Silva'" <garsilva@...eddedor.com>,
        Alan Cox <gnomes@...rguk.ukuu.org.uk>
CC:     "Gustavo A. R. Silva" <gustavo@...eddedor.com>,
        "Wong Hoi Sing, Edison" <hswong3i@...il.com>,
        "Hung Hing Lun, Mike" <hlhung3i@...il.com>,
        "David S. Miller" <davem@...emloft.net>,
        Alexey Kuznetsov <kuznet@....inr.ac.ru>,
        Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: RE: [PATCH] tcp_lp: use 64-bit arithmetic instead of 32-bit

> > The question you need to ask is 'can it overflow 32bit maths', otherwise
> > you are potentially making the system do extra work for no reason.
> >
> 
> Yeah, I get your point and it seems that in this particular case there
> is no risk of a 32bit overflow, but in general and IMHO as the code
> evolves, the use of incorrect arithmetic may have security
> implications in the future, so I advocate for code correctness in this
> case.

Even if the variable are 64bit you still need to worry (maybe less)
about arithmetic overflow.
The only real way to avoid overflow is to understand the domain
of the values being used.

	David

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ