lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20120807185053.GA30272@thunk.org>
Date:	Tue, 7 Aug 2012 14:50:53 -0400
From:	Theodore Ts'o <tytso@....edu>
To:	Zheng Liu <gnehzuil.liu@...il.com>
Cc:	linux-ext4@...r.kernel.org, Zheng Liu <wenqing.lz@...bao.com>
Subject: Re: [PATCH 06/36 v4] libext2fs: add data structures for inline data
 feature

On Tue, Jul 31, 2012 at 07:47:59PM +0800, Zheng Liu wrote:
> +struct ext2_ext_attr_ibody_header {
> +	__u32	h_magic;
> +};
> +

I've searched through the entire patch series, and I don't find any
usage of h_magic, and in fact the only place this structure definition
is used is in ext2fs_get_inline_xattr_pos().

So that's a bit worrying; if this is a magic number, then it should be
checked (and an error returned if the magic number is not what we
expect it tobe).  Add checks into e2fsck would also be a really good
idea.  Also, what is the value that h_magic is epxected to be?  It
needs to be defined here.

It's also clear from looking at this function that this patch
significantly changes the layout of the extended attribute block of
data.  It would be a really good idea to add some ascii art to
document exactly what is going on.  A diagram so it's obvious to
future developers about the data layout is really needed.

Regards,

						- Ted
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ