| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 20 Oct 2017 08:59:52 +0000
From: David Laight <David.Laight@...LAB.COM>
To: 'Egil Hjelmeland' <privat@...l-hjelmeland.no>,
'Andrew Lunn' <andrew@...n.ch>,
Vivien Didelot <vivien.didelot@...oirfairelinux.com>
CC: "f.fainelli@...il.com" <f.fainelli@...il.com>,
"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: RE: [PATCH v2 net-next 1/2] net: dsa: lan9303: Add port_fast_age
and port_fdb_dump methods
From: Egil Hjelmeland
> Sent: 19 October 2017 17:53
...
> >> IMHO it is best to define a struct for the 'ctx and then do:
> >> ..., void *v_ctx)
> >> {
> >> foo_ctx *ctx = v_ctx;
> >> int port = ctx->port;
> >>
> >> That stops anyone having to double-check that the *(int *)
> >> is operating on a pointer to an integer of the correct size.
> >>
> >
> > Does casting to a struct pointer require less manual double-check than
> > to a int-pointer? In neither cases the compiler can protect us, IFAIK.
> > But on the other hand, a the text "foo_ctx" can searched in the editor.
> > So in that respect it can somewhat aid to the double-checking.
> >
> > So I can do that.
> >
> >
>
> I understand now that the caller side (lan9303_port_fast_age) is
> vulnerable. Say somebody has the idea to change the "port" param
> of .port_fast_age from int to u8, then my code is a trap.
Worse, change it to a long and it will work on everything except
64bit big-endian systems.
David
Powered by blists - more mailing lists