| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 11 Aug 2021 19:32:55 +0200 From: Lukas Czerner <lczerner@...hat.com> To: Theodore Ts'o <tytso@....edu> Cc: linux-ext4@...r.kernel.org Subject: Re: [PATCH 7/7] mkquota: Fix potental NULL pointer dereference On Tue, Aug 10, 2021 at 12:15:28PM -0400, Theodore Ts'o wrote: > On Fri, Aug 06, 2021 at 11:58:20AM +0200, Lukas Czerner wrote: > > get_dq() function can fail when the memory allocation fails and so we > > could end up dereferencing NULL pointer. Fix it. > > > > Also, we should really return -ENOMEM instead of -1, or even 0 from > > various functions in quotaio_tree.c when memory allocation fails. > > Fix it as well. > > The quota*.c files were taking from the quota_tools package, and are > currently using the converion of setting errno and returning -1. I > don't think an incomplete conversion to the kernel error return > convention is the way to go. My long term plan for the quota > functions in libsupport is to convert them to use the comerr_t error > return convention, remove all of the printf functions from the > functions, so they can be properly moved into libext2fs library as a > first class supported library functions, and so that the high-level > ext2fs functions would update the quota files --- so that programs > like fuse2fs would properly update the quota records. > > So I'm going to drop the error handling changes from this patch before > applying it. Understood, thanks! -Lukas > > Cheers, > > - Ted >
Powered by blists - more mailing lists