lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 29 Oct 2010 10:01:19 -0700 From: Linus Torvalds <torvalds@...ux-foundation.org> To: Al Viro <viro@...iv.linux.org.uk> Cc: David Miller <davem@...emloft.net>, netdev@...r.kernel.org, jon.maloy@...csson.com, allan.stephens@...driver.com, Dan Rosenberg <drosenberg@...curity.com> Subject: Re: [PATCH] net: Limit socket I/O iovec total length to INT_MAX. On Fri, Oct 29, 2010 at 9:45 AM, Al Viro <viro@...iv.linux.org.uk> wrote: > > I don't see anything obviously broken (and we obviously have allowed > iov_len == 0 cases all along, so if anything, breakage won't be new). > However, I wonder if things like sendmsg() for datagrams have warranties > against silent truncation. Davem? You missed that discussion - my argument is that anybody who thinks that they can send a single packet that is 2GB+ in size are already screwed. And the packet protocol will have some inherent upper limit anyway (possibly introduced by just allocation issues, but quite likely inherent to the protocol itself) And yes, the iov_len = 0 case has always been possible and accepted so my patch doesn't really change anything. In fact, I think it even happens (simple example: the easiest way for user space to resume a partial writev() is to basically subtract out the return value from the iovec and then re-submit it - so getting zero iovec entries at the beginning in particular would not necessarily even be odd) Linus -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists