| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20140520081957.GD15585@mwanda> Date: Tue, 20 May 2014 11:19:58 +0300 From: Dan Carpenter <dan.carpenter@...cle.com> To: Rusty Russell <rusty@...tcorp.com.au> Cc: linux-kernel@...r.kernel.org, kernel-janitors@...r.kernel.org Subject: Re: [patch] module: static checker complains about negative values On Tue, May 20, 2014 at 11:16:04AM +0930, Rusty Russell wrote: > Dan Carpenter <dan.carpenter@...cle.com> writes: > > > We cap "stat.size" at INT_MAX but we don't check for negative values so > > my static checker complains. At this point, you already have control of > > the kernel and if you start passing negative values here then you > > deserve what happens next. > > > > On 64 bit systems the vmalloc() will definitely fail. On 32 bit systems > > we truncate the upper 32 bits away so that could succeed. I haven't > > followed it further than that. > > > > Signed-off-by: Dan Carpenter <dan.carpenter@...cle.com> > > If vfs_getattr() returns a negative stat.size, we have worse problems. > > I'd rather see you sprinkle assertions like that into the code, so we > can make sure that can't happen for any fs's getattr(). Yeah. I was lazy. Sorry. I can just hand edit my database to say that i_size_read() returns a reasonable number... regards, dan carpenter -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists