| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAOJsxLGS519114eonOWbDTwO+CL_e=buiW7XdbtxfCUpYz=Y6A@mail.gmail.com> Date: Mon, 17 Oct 2011 10:16:59 +0300 From: Pekka Enberg <penberg@...helsinki.fi> To: David Rientjes <rientjes@...gle.com> Cc: Thomas Jarosch <thomas.jarosch@...ra2net.com>, Christoph Lameter <cl@...two.org>, linux-kernel@...r.kernel.org Subject: Re: [slabinfo PATCH] Fix off-by-one after readlink() call On Fri, Oct 14, 2011 at 10:53 PM, David Rientjes <rientjes@...gle.com> wrote: > On Fri, 14 Oct 2011, Thomas Jarosch wrote: > >> The problem is the line after the readlink() call: >> >> buffer[count] = '\0'; >> >> The common technique is to reduce the buffer size by one. >> Another fix would be to check >> >> " >> if (count < 0 || count == sizeof(buffer)) >> fatal(); >> " >> >> Reducing the buffer size by one is easier IMHO. >> > > I think this should be used for changelog. > > Acked-by: David Rientjes <rientjes@...gle.com> Thomas, please resend with proper changelog and with David's and Christoph's ACKs included. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists