| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20101005165159.GQ19804@ZenIV.linux.org.uk> Date: Tue, 5 Oct 2010 17:51:59 +0100 From: Al Viro <viro@...IV.linux.org.uk> To: Linus Torvalds <torvalds@...ux-foundation.org> Cc: Evgeny Kuznetsov <EXT-Eugeny.Kuznetsov@...ia.com>, "H. Peter Anvin" <hpa@...or.com>, akpm@...ux-foundation.org, phillip@...gher.demon.co.uk, hsweeten@...ionengravers.com, linux-kernel@...r.kernel.org Subject: Re: [PATCH 1/1] initramfs: strcpy destination string overflow On Tue, Oct 05, 2010 at 08:55:01AM -0700, Linus Torvalds wrote: > I think this is wrong. > > If the name is too long to fit in the hash table, we should not create > a new hash entry at all, because we'd be returning the wrong > (truncated) name when we find it next time. > > So it would be much better to just do > > if (strlen(name) >= sizeof(q->name)) > return NULL; > > in find_link(), because as far as I can tell, the hard-linking is > always just an optimization. > > Comments? Peter? Take a look at struct hash definition. That sizeof is PATH_MAX and do_header() will reject an entry with name longer than that. IOW, the whole thing is a non-issue; we can add if (strlen(name) >= PATH_MAX) BUG(); if we really care, but that's it. As a side note, it looks like we need a fat warning about blind "improvements" of that kind in CodingStyle; cargo-cult replacements like that can easily hide real bugs... ;-/ -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists