lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Mon, 17 Sep 2012 11:37:01 -0400
From:	Theodore Ts'o <tytso@....edu>
To:	Eric Sandeen <sandeen@...hat.com>
Cc:	Carlos Maiolino <cmaiolino@...hat.com>, linux-ext4@...r.kernel.org
Subject: Re: [v2] ext4: fix possible non-initialized variable

On Mon, Sep 17, 2012 at 10:30:46AM -0500, Eric Sandeen wrote:
> fwiw, the uninit variable came about as part of
> 2ed886852adfcb070bf350e66a0da0d98b2f3ab5; before that we happily
> returned 0 for an unmapped block; see below.  So unless something
> else has changed since then, Carlos' patch shouldn't be doing any
> harm, at least.  An audit may be in order but anyone
> misunderstanding a NULL/0 return has probably been that way for a
> while.

Hmm, good point.

This is an audit that needs to happen for ext3 and ext4 as well, BTW
--- the callers of ext3_getblk() don't do the right thing when
ext3_getblk returns NULL and sets *errp to zero.

Fortunately it's rare that we have directories with holes, but there
are definitely bugs in terms of undefined behavior in the case of
directories with holes that we should look at and fix.

	    	       	       	      	      - Ted

--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists