| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <yq1k0l9oktw.fsf@ca-mkp.ca.oracle.com>
Date: Wed, 28 Jul 2021 23:35:05 -0400
From: "Martin K. Petersen" <martin.petersen@...cle.com>
To: Kees Cook <keescook@...omium.org>
Cc: "Martin K. Petersen" <martin.petersen@...cle.com>,
linux-hardening@...r.kernel.org,
"Gustavo A. R. Silva" <gustavoars@...nel.org>,
Keith Packard <keithpac@...zon.com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Andrew Morton <akpm@...ux-foundation.org>,
linux-kernel@...r.kernel.org, linux-wireless@...r.kernel.org,
netdev@...r.kernel.org, dri-devel@...ts.freedesktop.org,
linux-staging@...ts.linux.dev, linux-block@...r.kernel.org,
linux-kbuild@...r.kernel.org, clang-built-linux@...glegroups.com,
Brian King <brking@...ux.vnet.ibm.com>,
Tyrel Datwyler <tyreld@...ux.ibm.com>
Subject: Re: [PATCH 36/64] scsi: ibmvscsi: Avoid multi-field memset()
overflow by aiming at srp
Kees,
> For example, change it to:
>
> + BUILD_BUG_ON(sizeof(evt_struct->iu.srp) != SRP_MAX_IU_LEN);
> + memset(&evt_struct->iu.srp, 0x00, sizeof(evt_struct->iu.srp));
> srp_cmd = &evt_struct->iu.srp.cmd;
> - memset(srp_cmd, 0x00, SRP_MAX_IU_LEN);
> For the moment, I'll leave the patch as-is unless you prefer having
> the BUILD_BUG_ON(). :)
I'm OK with the BUILD_BUG_ON(). Hopefully Tyrel or Brian will chime in.
--
Martin K. Petersen Oracle Linux Engineering
Powered by blists - more mailing lists