lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 7 Jun 2018 05:12:51 -0500
From:   Alex Elder <elder@...aro.org>
To:     Viresh Kumar <viresh.kumar@...aro.org>,
        Johan Hovold <johan@...nel.org>
Cc:     Bernd Petrovitsch <bernd@...rovitsch.priv.at>,
        "Du, Changbin" <changbin.du@...el.com>,
        Steven Rostedt <rostedt@...dmis.org>,
        gregkh@...uxfoundation.org, alex.elder@...aro.org,
        kbuild test robot <lkp@...el.com>,
        linux-arch@...r.kernel.org, michal.lkml@...kovi.net,
        linux-kernel@...r.kernel.org, arnd@...db.de,
        yamada.masahiro@...ionext.com, lgirdwood@...il.com,
        broonie@...nel.org, rdunlap@...radead.org, x86@...nel.org,
        linux@...linux.org.uk, linux-sparse@...r.kernel.org,
        mingo@...hat.com, kbuild-all@...org, akpm@...ux-foundation.org,
        changbin.du@...il.com, tglx@...utronix.de,
        linux-kbuild@...r.kernel.org, linux-arm-kernel@...ts.infradead.org
Subject: Re: [PATCH v5 2/4] kernel hacking: new config NO_AUTO_INLINE to
 disable compiler auto-inline optimizations

On 06/07/2018 04:19 AM, Viresh Kumar wrote:
> On 07-06-18, 11:18, Johan Hovold wrote:
>> If you want to work around the warning and think you can do it in some
>> non-contrived way, then go for it.
>>
>> Clearing the request buffer, checking for termination using strnlen, and
>> then using memcpy might not be too bad.
>>
>> But after all, it is a false positive, so leaving things as they stand
>> is fine too.
> 
> Leave it then :)
> 

It's interesting that the warning isn't reported for this in
fw_mgmt_interface_fw_version_operation().  The difference there is
that you actually put a zero byte at that last position before
returning.  I'm mildly impressed if gcc is distinguishing that.

You *are* returning the fw_info->firmware_tag array newly filled
with a non-null-terminated string in one of the two cases that
get warnings in "fw-management.c".  But the other one is only
updating a buffer in a local/automatic variable.

Weird.  I wish there were a non-clumsy way of marking false positives
like this as A-OK.

					-Alex

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ