| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20140512140044.GC31376@thunk.org> Date: Mon, 12 May 2014 10:00:44 -0400 From: Theodore Ts'o <tytso@....edu> To: Zhang Zhen <zhenzhang.zhang@...wei.com> Cc: Christoph Hellwig <hch@...radead.org>, linux-ext4@...r.kernel.org Subject: Re: [PATCH] ext4: avoid unneeded lookup when xattr name is invalid On Fri, Apr 11, 2014 at 03:15:07PM +0800, Zhang Zhen wrote: > In ext4_xattr_set_handle() we have checked the xattr name's length. So we should > also check it in ext4_xattr_get() to avoid unneeded lookup caused by invalid name. > > Signed-off-by: Zhang Zhen <zhenzhang.zhang@...wei.com> Applied, although I dropped this bit: > In addition, we deleted the check of NULL in ext4_xattr_set_handle(), because in all > the callers of the ext4_xattr_set_handle(), the name can't be NULL. Verifying this is non-trivial, since there are many non-local users of this function, and in order to make sure this is true you need to verify (at least) the callers of the callers. I could be convinced to turn this into a BUG_ON(!name), or "if (unlikely(!name))", but leaving the check in is a good idea, since even if it is true today, it's not necessarily guarantted to be true N years in the future. - Ted -- To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists