| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 27 Apr 2014 22:00:43 +0200 From: Mateusz Guzik <mguzik@...hat.com> To: Dan Carpenter <dan.carpenter@...cle.com> Cc: tiwai@...e.de, gregkh@...uxfoundation.org, devel@...verdev.osuosl.org, Laurent Navet <laurent.navet@...il.com>, linux-kernel@...r.kernel.org Subject: Re: [PATCH] staging: line6: fix possible overrun On Sun, Apr 27, 2014 at 08:39:32PM +0300, Dan Carpenter wrote: > On Sat, Apr 26, 2014 at 11:59:46PM +0200, Mateusz Guzik wrote: > > > And sadly enough some of those ->id strings are more than 15 characters > > > and a NUL which will fit in card->id. So this overflow is real. The > > > card->shortname is a 32 char array so none of those overflow. > > > > > > If we want to sovle the truncation issue then we need to think of > > > shorter names for BassPODxtLive, BassPODxtPro, PODStudioUX1, and > > > PODStudioUX2. > > > > > > > In that case I suggest compile time assertions that ids and names fit > > That sounds like some magic code which I would love to see. :) > Just asserting something on compile time is not a problem. The kernel has BUILD_BUG_ON macro. I didn't check why, but it doesn't use _Static_assert. Instead it produces some code which makes it unusable in this context. Aforementoined _Static_assert is available at least in gcc and clang and you can call it outside of any function, e.g.: _Static_assert(sizeof(meh) < 42, "oh no"); Unfortnately I failed to come up with a macro which would allow me to use it in the initializer. :/ One could change line6_properties's definition so that it contains arrays instead of pointers, that would introduce automagic checking and I don't think memory waste (if any) would be problematic. > > and a WARN_ON + -EINVAL in line6_init_audio to catch future > > offenders. > > Returning -EINVAL is a bad idea because it would break the driver > completely and make it unusable. > Well I would vote for returning the error anyway. Something is wrong, better fix it as it is instead of risking additional bugs resulting from truncation. > > > > As a side note I'm not sure if pod_try_init from drivers/staging/line6/pod.c > > cleans up properly after failed line6_init_audio. > > Yeah. It doesn't seem to clean up at all. > -- Mateusz Guzik -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists