lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sun, 20 Aug 2006 12:44:27 -0700 (PDT)
From:	David Miller <davem@...emloft.net>
To:	w@....eu
Cc:	mb@...sch.de, solar@...nwall.com, linux-kernel@...r.kernel.org,
	netdev@...r.kernel.org
Subject: Re: [PATCH] getsockopt() early argument sanity checking

From: Willy Tarreau <w@....eu>
Date: Sun, 20 Aug 2006 02:43:07 +0200

> On Sun, Aug 20, 2006 at 02:05:20AM +0200, Michael Buesch wrote:
> > Not to me. It heavily violates codingstyle and screws brains
>                 ^^^^^^^
> little exageration detected here.
> 
> > with the non-indented else branches.
> 
> while they surprized me first, they make the *patch* more readable
> by clearly showing what has been inserted and where. However, I have
> joined the lines for the merge.

Thanks for consulting the networking maintainer before merging
this. :-/

What if some sockopt treats a negative length specially?
Maybe some setsockopt() doesn't care about the optlen pointer?

This toplevel code has no buisness interpreting the arguments when the
downcall and argument interpretation is by definition protocol
specific.  It also means we'll touch userspace twice for this value
which is really dumb.

The only nice part about this change is that it allows us to be lazy
about auditing the individual setsockopt() implementations.  I'd
rather fix the broken cases than add a patch which just assumes they
are broken and not worth fixing, and also imposes a convention for the
optlen argument.

No thanks.

And yes the coding style was totally unacceptable too.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ