Message-ID: <48D80949.4080901@ru.mvista.com>
Date:	Tue, 23 Sep 2008 01:08:25 +0400
From:	Sergei Shtylyov <sshtylyov@...mvista.com>
To:	Mark de Wever <koraq@...all.nl>
Cc:	petkovbb@...il.com, Gadi Oxman <gadio@...vision.net.il>,
	Bartlomiej Zolnierkiewicz <bzolnier@...il.com>,
	linux-ide@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] IDE-TAPE NULL terminate strings.

Hello.

Mark de Wever wrote:

>> .. and I know why :). Those ide_tape_obj members (char fw_rev[6], vendor_id[10],
>> product_id[18]) were used only once in idetape_get_inquiry_results() so I moved
>> them there as local stack variables. Originally, they were kzalloc'ed as part of
>> struct ide_tape_obj and now they contain stack garbage therefore the funny
>> values. The simple solution would be to zero them out or:
>>
>>
>> Does the following patch help?
>>     
>
> Yes feel free to add my tested-by.
>   

   And my NAK too. :-)

> Only not sure whether the static is the best solution, the following
> patch also works, by zeroing the memory as you suggested.
>
> Signed-off-by: Mark de Wever <koraq@...all.nl>
>
> diff --git a/drivers/ide/ide-tape.c b/drivers/ide/ide-tape.c
> index 1bce84b..c41f5b1 100644
> --- a/drivers/ide/ide-tape.c
> +++ b/drivers/ide/ide-tape.c
> @@ -2338,7 +2338,7 @@ static void idetape_get_inquiry_results(ide_drive_t *drive)
>  {
>  	idetape_tape_t *tape = drive->driver_data;
>  	struct ide_atapi_pc pc;
> -	char fw_rev[6], vendor_id[10], product_id[18];
> +	char fw_rev[6] = {'\0'}, vendor_id[10] = {'\0'}, product_id[18] = {'\0'};
>   
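
Review bot: the initializers on the added declaration zero-fill all three buffers (6 + 10 + 18 bytes) on every call, yet the strings end up NUL-terminated only if each later copy into fw_rev, vendor_id and product_id writes at most size minus one bytes, and those copies are not part of this hunk. Writing the terminator explicitly right after each copy, at the index equal to the number of bytes copied, would keep the guarantee next to the code that needs it and avoid clearing bytes that are overwritten immediately. A one-line comment saying the buffers must be terminated before they are printed would also help, since the quoted explanation shows the bug came from silently relying on kzalloc'ed storage.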

   Do you realize how much *absolutely unnecessary* code will this bring 
in? This is certainly worse than your initial patch (if it was correct).
Ugh, looks like I'll have to submit the patch myself to stop this ugliness...

MBR, Sergei
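
The failure mode discussed in this thread, fixed-width device strings copied into uninitialized stack buffers, can be closed by writing the terminator right after the copy instead of relying on how the storage was allocated. This is an added example in user-space C, not code from the thread or from ide-tape.c; `inq_field`, the `INQ_*` macros and the sample response bytes are hypothetical, with field offsets taken from the standard INQUIRY layout.

```c
#include <stdio.h>
#include <string.h>

/* Standard SCSI/ATAPI INQUIRY layout: fixed-width, space-padded ASCII
 * fields that carry no NUL terminator. */
#define INQ_VENDOR_OFF   8
#define INQ_VENDOR_LEN   8
#define INQ_PRODUCT_OFF 16
#define INQ_PRODUCT_LEN 16
#define INQ_REV_OFF     32
#define INQ_REV_LEN      4

/* Hypothetical helper: copy a fixed-width field into dst (dst_size bytes),
 * always terminate, then trim trailing space padding. Returns the string
 * length, or -1 if dst cannot hold the field plus its terminator. */
static int inq_field(char *dst, size_t dst_size,
                     const unsigned char *inq, size_t off, size_t len)
{
	if (dst_size < len + 1)
		return -1;
	memcpy(dst, inq + off, len);
	dst[len] = '\0';           /* the one byte that must be written */
	while (len > 0 && dst[len - 1] == ' ')
		dst[--len] = '\0';
	return (int)len;
}

int main(void)
{
	/* Constructed 36-byte INQUIRY response, not captured from a device. */
	unsigned char inq[36];
	char fw_rev[6], vendor_id[10], product_id[18];

	memset(inq, 0, sizeof(inq));
	memcpy(inq + INQ_VENDOR_OFF, "ACME    ", 8);
	memcpy(inq + INQ_PRODUCT_OFF, "TAPE-1000       ", 16);
	memcpy(inq + INQ_REV_OFF, "1.0A", 4);

	/* Simulate stack garbage left in the locals. */
	memset(fw_rev, 0xAA, sizeof(fw_rev));
	memset(vendor_id, 0xAA, sizeof(vendor_id));
	memset(product_id, 0xAA, sizeof(product_id));

	inq_field(vendor_id, sizeof(vendor_id), inq, INQ_VENDOR_OFF, INQ_VENDOR_LEN);
	inq_field(product_id, sizeof(product_id), inq, INQ_PRODUCT_OFF, INQ_PRODUCT_LEN);
	inq_field(fw_rev, sizeof(fw_rev), inq, INQ_REV_OFF, INQ_REV_LEN);
	printf("%s %s rev %s\n", vendor_id, product_id, fw_rev);
	return 0;
}
```

Because the terminator is written at `dst[len]`, the result does not depend on whether the buffer started out zeroed, and a destination that is too small is rejected instead of being left unterminated.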

