lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20121002142723.GA2323@andromeda.usersys.redhat.com>
Date:	Tue, 2 Oct 2012 11:27:23 -0300
From:	Carlos Maiolino <cmaiolino@...hat.com>
To:	linux-ext4@...r.kernel.org
Subject: Re: [PATCH 2/2] ext3: ext3_bread usage audit

Hi Jan
On Tue, Oct 02, 2012 at 03:55:13PM +0200, Jan Kara wrote:
> On Mon 01-10-12 16:50:55, Carlos Maiolino wrote:
> > This is the ext3 version of the same patch applied to Ext4, where such goal is
> > to audit the usage of ext3_bread() due a possible misinterpretion of its return
> > value.
> > 
> > Focused on directory blocks, a NULL value returned from ext3_bread() means a
> > hole, which cannot exist into a directory inode. It can pass undetected after a
> > fix in an uninitialized error variable.
> > 
> > The (now) initialized variable into ext3_getblk() may lead to a zero'ed return
> > value of ext3_bread() to its callers, which can make the caller do not detect
> > the hole in the directory inode.
> > 
> > This checks for directory holes when buffer_head and error value are both
> > zero'ed returning -EIO to their callers
> > 
> > Some ext3_bread() callers do not needed any changes either because they already
> > had its own hole detector paths or because these are deprecaded (like
> > dx_show_entries)
>   Umm, can you wrap the check for hole + error message in a helper function
> like ext3_dir_bread() please? That would save us quite some dupplication..
> Thanks!
>
I thought about a kind of handler too, but haven't done something like that by
Ted's suggestion. Please see thread
http://marc.info/?l=linux-ext4&m=134827512716575&w=2

But I can work on a kind of wrapper for ext3 if this is ok for you and send a V2
version of this patch.

Cheers,
Carlos  

-- 
--Carlos
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ