lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Wed, 11 Aug 2021 19:32:55 +0200
From:   Lukas Czerner <>
To:     Theodore Ts'o <>
Subject: Re: [PATCH 7/7] mkquota: Fix potental NULL pointer dereference

On Tue, Aug 10, 2021 at 12:15:28PM -0400, Theodore Ts'o wrote:
> On Fri, Aug 06, 2021 at 11:58:20AM +0200, Lukas Czerner wrote:
> > get_dq() function can fail when the memory allocation fails and so we
> > could end up dereferencing NULL pointer. Fix it.
> > 
> > Also, we should really return -ENOMEM instead of -1, or even 0 from
> > various functions in quotaio_tree.c when memory allocation fails.
> > Fix it as well.
> The quota*.c files were taking from the quota_tools package, and are
> currently using the converion of setting errno and returning -1.  I
> don't think an incomplete conversion to the kernel error return
> convention is the way to go.  My long term plan for the quota
> functions in libsupport is to convert them to use the comerr_t error
> return convention, remove all of the printf functions from the
> functions, so they can be properly moved into libext2fs library as a
> first class supported library functions, and so that the high-level
> ext2fs functions would update the quota files --- so that programs
> like fuse2fs would properly update the quota records.
> So I'm going to drop the error handling changes from this patch before
> applying it.

Understood, thanks!


> Cheers,
> 					- Ted

Powered by blists - more mailing lists