lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 30 Aug 2006 15:20:15 -0300 From: "Julio Auto" <mindvortex@...il.com> To: "David Wagner" <daw-usenet@...erner.cs.berkeley.edu>, schwidefsky@...ibm.com Cc: linux-kernel@...r.kernel.org Subject: Re: [S390] cio: kernel stack overflow. On 8/30/06, Julio Auto <mindvortex@...il.com> wrote: > Unless, of course, the structure in question is kcalloc()'d (which is > not the case of gdev in the beginning of the patch - I haven't had the > time to check the other cases). Sorry, actually gdev is kzalloc()'d (which works exactly kcalloc() without the check for n*size integer overflows). I was looking at a much older version of the code. I still think, however, that memset()'ing to zero is still something to consider, in the cases where the structure is passed to the routine (as opposed to when it's _created by_ the routine). The code shouldn't rely on the awareness of future developers when adding other calls to these functions. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists