lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sun, 25 Jul 2010 16:47:17 +0200
From:	walter harms <wharms@....de>
To:	Lennert Buytenhek <buytenh@...tstofly.org>
CC:	Dan Carpenter <error27@...il.com>, Joe Perches <joe@...ches.com>,
	"David S. Miller" <davem@...emloft.net>,
	Jiri Pirko <jpirko@...hat.com>,
	Denis Kirjanov <kirjanov@...il.com>,
	Saeed Bishara <saeed@...vell.com>, netdev@...r.kernel.org,
	kernel-janitors@...r.kernel.org
Subject: Re: [patch -next v2] mv643xx_eth: potential null dereference



Lennert Buytenhek schrieb:
> On Sat, Jul 24, 2010 at 10:59:07AM +0200, walter harms wrote:
> 
>> IMHO it would be better to make sure that pd->t_clk,pd->tx_csum_limit
>> have usefull values than adding a check but this is up to the maintainer.
> 
> I don't see the point of that at all.  We check against zero to see
> whether the caller bothered to fill in the field at all, but if the
> caller wants to pass in bogus values, that's up to the caller.
> 
at first i have to admit i looked only at the patch.
for me the situation looks this way:

You check the values for 0 (and uses default) or take what ever in pd is.
The current code is setup like:

  1. check if pd is set
  2. check if pd->value is non zero and use it

the whole "check X" can be avoided if you could create a pd with all values
set to default and just take what comes from the user.

my objection agains this kind of code is that it is not obvious
what some one is trying to archive
(pd != NULL && pd->t_clk != 0) ? pd->t_clk : 133000000;

the pd check means: do i have a configuration  ?
the pd->t_clk != 0 means: should i use then or default ?

This is mixing two very different questions. therefore my idea in the last
posting to have a default init if (!pd) and then use the else to make clear
that additional checks for pd->value are expected.

this this is the init code readability and simplicity should be king.

hope that helps,
re,
 wh


--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ