| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 14 Dec 2006 10:10:02 -0400
From: Anderson Briglia <anderson.briglia@...t.org.br>
To: ext Frank Seidel <frank@...nalert.de>
CC: Russell King <rmk+lkml@....linux.org.uk>,
"Lizardo Anderson (EXT-INdT/Manaus)" <anderson.lizardo@...t.org.br>,
Pierre Ossman <drzeus-list@...eus.cx>,
linux-kernel@...r.kernel.org,
"Aguiar Carlos (EXT-INdT/Manaus)" <carlos.aguiar@...t.org.br>,
Tony Lindgren <tony@...mide.com>,
ext David Brownell <david-b@...bell.net>
Subject: Re: [PATCH 2/4] Add MMC Password Protection (lock/unlock) support
V8: mmc_key_retention.diff
Hi,
ext Frank Seidel wrote:
> Quoting Anderson Briglia <anderson.briglia@...t.org.br>:
>> [...]
> Hi,
> thats really cool stuff you're providing with your patches. :)
> I have some feedback or questions some parts here.
> But as i just started trying to get into kernelhacking you probably
> better don't take my notes to serious, please.
All comments are welcome, thanks for the revision. :)
>
>> Index: linux-linus-2.6/drivers/mmc/mmc_sysfs.c
>> ===================================================================
>> --- linux-linus-2.6.orig/drivers/mmc/mmc_sysfs.c 2006-12-04 [...]
>> +static int mmc_key_instantiate(struct key *key, const void *data,
>> size_t datalen)
>> +{
>> + struct mmc_key_payload *mpayload, *zap;
>> + int ret;
>> +
>> + zap = NULL;
> What is zap here for? future use?
> And wouldn't it be good to also initialize mplayload here?
The code was based on code presents at security/keys/user_defined.c. This is the reason of why the MMC PWD code was
implemented using this returns types and others implementations.
That file (user_defined.c) implements generic functions to handle keys inside the kernel, using the Kernel Key Retention
Service. Maybe you can take a look there, :).
That zap variable was used to expand the key payload when a new password exceeded a previous configured size. But the
Kernel Key Retention Service has changed and that zap variable is not used on key_instantiate function implemented at
user_defined.c, anymore. I'll update the MMC PWD code.
>
>> + ret = -EINVAL;
> Is there a special reason why you already assign the errors to the
> return value variable before its clear that the assignment is needed?
See the reply above.
>
>
>> + if (datalen <= 0 || datalen > MMC_KEYLEN_MAXBYTES || !data) {
> Isn't the last "|| !data" redundant as you already tested if datalen ==0?
data = 0 is different from !data.
>
>> + pr_debug("Invalid data\n");
>> + goto error;
>> + }
>> +
>> + ret = key_payload_reserve(key, datalen);
>> + if (ret < 0) {
>> + pr_debug("ret = %d\n", ret);
>> + goto error;
>> + }
>> +
>> + ret = -ENOMEM;
> Same as above: Why do you in any case want to assign it here?
Reply above.
>
>> + mpayload = kmalloc(sizeof(*mpayload) + datalen, GFP_KERNEL);
> I may be totally wrong, but is dereferencing a not initialized pointer
> (even just for using sizeof) really ok?
Yes. I believe sizeof is a compiler operation and it does not access the data pointed by that pointer, it access just
the type of the pointer.
Wouldn't it be safer to use
> a sizeof(struct mmc_key_payload) here?
I believe there is no difference on using this one and that other declaration.
Thanks,
Anderson Briglia
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists