| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 17 Feb 2023 16:13:03 -0800
From: Kees Cook <keescook@...omium.org>
To: Namjae Jeon <linkinjeon@...nel.org>
Cc: Steve French <sfrench@...ba.org>, Paulo Alcantara <pc@....nz>,
Ronnie Sahlberg <lsahlber@...hat.com>,
Shyam Prasad N <sprasad@...rosoft.com>,
Tom Talpey <tom@...pey.com>,
Sergey Senozhatsky <senozhatsky@...omium.org>,
linux-cifs@...r.kernel.org, linux-kernel@...r.kernel.org,
samba-technical@...ts.samba.org, linux-hardening@...r.kernel.org
Subject: Re: [PATCH v2] smb3: Replace smb2pdu 1-element arrays with
flex-arrays
On Thu, Feb 16, 2023 at 11:25:01PM +0900, Namjae Jeon wrote:
> Hi Kees,
>
> > /* Read flags */
> > @@ -730,7 +730,7 @@ struct smb2_read_rsp {
> > __le32 DataLength;
> > __le32 DataRemaining;
> > __le32 Flags;
> > - __u8 Buffer[1];
> > + __u8 Buffer[];
> > } __packed;
> >
>
> You seem to have missed -1 removal in the code below.
Ah; thanks for this heads-up. I will need a v3.
> ./fs/cifs/smb2ops.c:5632: .read_rsp_size = sizeof(struct
> smb2_read_rsp) - 1,
> ./fs/cifs/smb2ops.c:5654: .read_rsp_size = sizeof(struct
> smb2_read_rsp) - 1,
...
These are interesting -- they don't show up at all in the code. What I
mean is that they're data-only changes. I'll add that to my before/after
build sanity checks.
Thanks!
-Kees
--
Kees Cook
Powered by blists - more mailing lists