| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 31 Mar 2008 19:04:54 +0800 From: Wang Chen <wangchen@...fujitsu.com> To: YOSHIFUJI Hideaki / 吉藤英明 <yoshfuji@...ux-ipv6.org> CC: davem@...emloft.net, netdev@...r.kernel.org Subject: Re: [2.6 PATCH] IPV6: Check length of optval provided by user in setsockopt() YOSHIFUJI Hideaki / 吉藤英明 said the following on 2008-3-31 18:53: >>>> Check length of setsockopt's optval, which provided by user, before copy it >>>> from user space. >>> Please use "<" not "==". >>> >> There are two reasons that why I only check whether >> len of optval is equal to that one in user space. >> 1. We currently copy the entire structure from user >> to kernel. >> 2. In other cases, such as IPV6_LEAVE/JOIN_ANYCAST, >> we check whether the len is equal to struct's len. >> >> So, Yoshifuji-san, can you tell me more about why we >> should use "<"? :) > > POSIX, as we have some comments in that file ;-). > If it is shorter than expected, -EINVAL, otherwise, no error. > We need to fix other sites as well. > ooh, I see. I will take a business trip to Japan tomorrow and I will finish this patch since I come back weekend. Thank you for your explanation. --WCN -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists