Date:	Sat, 12 Dec 2009 05:10:32 -0500
From:	William Allen Simpson <william.allen.simpson@...il.com>
To:	torvalds@...ux-foundation.org
CC:	David Miller <davem@...emloft.net>, akpm@...ux-foundation.org,
	netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [GIT]: Networking

David Miller wrote:
> David S. Miller (4):
>       Merge branch 'master' of git://git.kernel.org/.../linville/wireless-next-2.6
>       tcp: Remove runtime check that can never be true.

This is a poor patch that was never sent to the netdev list for review.  Copies to
and from user space should always check for buffer overruns.  A better patch was
submitted (attached) some time ago.

Miller's patch has 2 flaws:

  1) It accidentally removed a comment line that describes the purpose of the
following memcpy(), paralleling language in the internet-draft.

  2) It fails to test for buffer overruns.  The existing code has an accurate test,
that compiles (to no code) correctly with current gcc.  But it produces a warning
in some (fairly old) gcc versions.

Instead, the better patch uses the kernel-defined BUILD_BUG_ON().  Please
substitute the better patch in the main tree.


>       Merge branch 'master' of git://git.kernel.org/.../linville/wireless-2.6
>       Merge branch 'master' of /home/davem/src/GIT/linux-2.6/
> 

View attachment "net-ipv4-tcp.c-fix-warning-for-older-compilers.patch" of type "text/plain" (616 bytes)
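
An added illustration of the point argued in the message above (not the attached patch and not kernel code): when both buffer sizes are compile-time constants, a BUILD_BUG_ON()-style check catches an overrun at build time and emits no code, while a copy whose length is data still needs a runtime check. The macro here is a userspace stand-in for the kernel one, and every `demo_*` name and size is hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Userspace stand-in for the kernel macro: a true compile-time condition
 * yields a negative array size, which stops the build. */
#define BUILD_BUG_ON(cond) ((void)sizeof(char[1 - 2 * !!(cond)]))

#define DEMO_PAYLOAD_MAX 16             /* hypothetical fixed limit */

struct demo_opt {                       /* hypothetical caller-visible buffer */
    uint16_t len;
    uint8_t  payload[DEMO_PAYLOAD_MAX];
};

struct demo_state {                     /* hypothetical internal state */
    uint8_t  payload[DEMO_PAYLOAD_MAX];
    uint16_t len;
};

/* Fixed-size copy: both sizes are constants, so the overrun test belongs at
 * build time. It generates no code and cannot trigger an "always false"
 * comparison warning, yet the build fails if someone later shrinks
 * demo_opt.payload or grows demo_state.payload. */
static uint16_t demo_copy_fixed(struct demo_opt *dst,
                                const struct demo_state *src)
{
    BUILD_BUG_ON(sizeof(dst->payload) < sizeof(src->payload));

    /* Copy the stored payload into the caller-visible buffer. */
    memcpy(dst->payload, src->payload, sizeof(src->payload));
    dst->len = (uint16_t)sizeof(src->payload);
    return dst->len;
}

/* Variable-length copy: the length is data, not a constant, so a
 * compile-time assertion cannot cover it and a runtime check is required. */
static int demo_copy_var(struct demo_opt *dst, const uint8_t *src, size_t n)
{
    if (n > sizeof(dst->payload))
        return -1;                      /* would overrun dst: reject */
    memcpy(dst->payload, src, n);
    dst->len = (uint16_t)n;
    return 0;
}
```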
