lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <aBOtxplvvpgHed7o@archlinux>
Date: Thu, 1 May 2025 19:22:14 +0200
From: Jan Hendrik Farr <kernel@...rr.cc>
To: Alan Huang <mmpgouride@...il.com>
Cc: kent.overstreet@...ux.dev, Thorsten Blum <thorsten.blum@...lux.com>,
	Miguel Ojeda <miguel.ojeda.sandonis@...il.com>,
	Nathan Chancellor <nathan@...nel.org>,
	Bill Wendling <morbo@...gle.com>, Kees Cook <kees@...nel.org>,
	regressions@...ts.linux.dev, linux-bcachefs@...r.kernel.org,
	linux-hardening@...r.kernel.org,
	LKML <linux-kernel@...r.kernel.org>, ardb@...nel.org,
	ojeda@...nel.org
Subject: Re: [REGRESSION][BISECTED] erroneous buffer overflow detected in
 bch2_xattr_validate

> 
> I wonder if the __counted_by(x_name_len) in struct bch_xattr is needed, since there is also a value after x_name.

Wait a minute. Are you saying that the value with length x_val_len
is behind the name (of length x_name_len) at the end of the struct.
So essentially the flexible array member x_name has a length of
x_name_len + x_val_len and contains both the name and value?

If that's the case:

1. that's not at all clear from the struct definition
2. __counted_by(x_name_len) is not correct in that case


Best Regards
Jan

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ