| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20140124122837.GU10323@ZenIV.linux.org.uk> Date: Fri, 24 Jan 2014 12:28:37 +0000 From: Al Viro <viro@...IV.linux.org.uk> To: Denys Vlasenko <dvlasenk@...hat.com> Cc: Jan Kratochvil <jan.kratochvil@...hat.com>, Oleg Nesterov <oleg@...hat.com>, linux-kernel@...r.kernel.org Subject: Re: [PATCH] dcache: error out on failures to store terminating NUL On Fri, Jan 24, 2014 at 01:17:46PM +0100, Denys Vlasenko wrote: > A number of routines wasn't checking that the initial call > to prepend "\0" to result buffer doesn't fail. > > Coredump code was seeing d_path() with zero-sized buffer > to erroneously return bogus data (non-error pointer > pointing before buffer start). > > Users report that this change fixes it. NAK. Again, this is not dealing with overflows - it's basic sanity check on arguments. Choose which level should that be done at and just do it there. As in "if (!buflen) return -ENAMETOOLONG;". > char *cwd = page + PATH_MAX; > int buflen = PATH_MAX; > > - prepend(&cwd, &buflen, "\0", 1); > - error = prepend_path(&pwd, &root, &cwd, &buflen); > + error = prepend(&cwd, &buflen, "\0", 1); > + if (!error) > + error = prepend_path(&pwd, &root, &cwd, &buflen); Ah, yes - the dreadful case of zero PATH_MAX... -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists