lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <200705312306.12626.dhazelton@enter.net>
Date:	Thu, 31 May 2007 23:06:12 -0400
From:	Daniel Hazelton <dhazelton@...er.net>
To:	Mark Adler <madler@...mni.caltech.edu>
Cc:	Satyam Sharma <satyam.sharma@...il.com>,
	"Michael-Luke Jones" <mlj28@....ac.uk>,
	lkml <linux-kernel@...r.kernel.org>, dwmw2@...radead.org,
	jloup@...p.org
Subject: Re: JFFS2 using 'private' zlib header (was [RFC] LZO de/compression support - take 6)

On Wednesday 30 May 2007 19:02:28 Mark Adler wrote:
> On May 30, 2007, at 6:30 AM, Satyam Sharma wrote:
> > [1] For your reference, here is the user code in question:
>
> ...
>
> >        if (srclen > 2 && !(data_in[1] & PRESET_DICT) &&
> > 	    ((data_in[0] & 0x0f) == Z_DEFLATED) &&
> > 	    !(((data_in[0]<<8) + data_in[1]) % 31)) {
>
> The funny thing here is that the author felt compelled to use a
> #defined constant for the dictionary bit (PRESET_DICT), but had no
> problem with a numeric constant to isolate the compression method
> (0x0f), or for that matter extracting the window bits from the
> header.  The easy way to avoid the use of an internal zlib header
> file here is to simply replace PRESET_DICT with 0x20.  That constant
> will never change -- it is part of the definition of the zlib header
> in RFC 1950.

If there is no objection, I'll put together a patch that changes the use in 
JFFS2 into a "magic number", complete with documentation on it, and also 
moves all of the zlib stuff into a single directory.

> The slightly more involved patch to avoid the problem is to let
> inflate() do all that work for you, including the integrity check on
> the zlib header (% 31).  Also this corrects an error in the original
> code, which is that it continues to try to decompress after finding
> that a dictionary is needed or that the zlib header is invalid.  In
> this version, a bad header simply returns an error:
>

Does anyone know if doing as Mark suggests would negatively impact the 
performance of JFFS2 to such a degree that it could be considered a 
regression? I, unfortunately, don't have the hardware to properly test the 
code. And, at this point in time, I also don't have enough familiarity with 
the JFFS2 code to make such a change myself. 

DRH

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ