Message-ID: <20150107195244.GB18978@salidar.dom.custoft.eu>
Date:	Wed, 7 Jan 2015 20:52:44 +0100
From:	Giel van Schijndel <me@...tis.eu>
To:	Andy Shevchenko <andy.shevchenko@...il.com>
Cc:	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	David Woodhouse <dwmw2@...radead.org>,
	Brian Norris <computersforpeace@...il.com>,
	"open list:MEMORY TECHNOLOGY..." <linux-mtd@...ts.infradead.org>
Subject: Re: [PATCH] Fix error-code overwrite bug

On Wed, Jan 07, 2015 at 20:37:29 +0200, Andy Shevchenko wrote:
> On Sun, Jan 4, 2015 at 8:04 PM, Giel van Schijndel <me@...tis.eu> wrote:
>> Don't overwrite the returned error code with the boolean test used by
>> the if-statement (otherwise it'd be 1 or 0 always, 1 in the if-block).
>> ---
>>  drivers/mtd/nftlmount.c | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/drivers/mtd/nftlmount.c b/drivers/mtd/nftlmount.c
>> index 51b9d6a..1cbeb6b 100644
>> --- a/drivers/mtd/nftlmount.c
>> +++ b/drivers/mtd/nftlmount.c
>> @@ -91,7 +91,7 @@ static int find_boot_record(struct NFTLrecord *nftl)
>>                 /* To be safer with BIOS, also use erase mark as discriminant */
>>                 if ((ret = nftl_read_oob(mtd, block * nftl->EraseSize +
>>                                          SECTORSIZE + 8, 8, &retlen,
>> -                                        (char *)&h1) < 0)) {
>> +                                        (char *)&h1)) < 0) {
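Review bot: On the `+` line the assignment to `ret` still sits inside the `if` condition, so correctness depends on a single closing parenthesis placed three lines after the call begins. Consider making `ret = nftl_read_oob(...);` its own statement followed by `if (ret < 0) {`, which removes the precedence hazard between `=` and `<` entirely. As quoted, the commit message above the `---` also carries no Signed-off-by line.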
> 
> Better to move ret = x(); outside of condition. See here:
> http://permalink.gmane.org/gmane.linux.drivers.mtd/56922

In the sense that this bug wouldn't have occurred when using separate
assignment and condition checking you're right. It's a style issue
though, but a relevant one.

So your approach is probably better, though incomplete (like mine), just
look for the exact same (ret = x() < 0) pattern about 20 lines further
down the same file. (Yes that's disabled code, but I still believe the
bug should be fixed considering it's exactly the same class of bug).

So I suggest you resend that ^^ patch you link to with the other
instance of the bug fixed as well.

-- 
Met vriendelijke groet,
With kind regards,
Giel van Schijndel
--
"If debugging is the process of removing software bugs, then programming
 must be the process of putting them in."
  -- Edsger Dijkstra
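
Added example, not part of the original message or of the kernel source: a minimal C reproduction of the precedence bug discussed above, with the original, patched and hoisted forms side by side. `stub_read_oob()`, the `probe_*` functions and `caller_sees_error()` are hypothetical stand-ins, and returning `ret` to a caller is an assumption about how the error code is consumed.

```c
#include <errno.h>
#include <stdio.h>

/* Constructed stand-in for nftl_read_oob(): always fails with -EIO. */
static int stub_read_oob(void)
{
	return -EIO;
}

/* Original form: '<' binds tighter than '=', so ret = (call < 0) = 1. */
static int probe_buggy(void)
{
	int ret;

	if ((ret = stub_read_oob() < 0))
		return ret;	/* assumed caller receives 1, not -EIO */
	return 0;
}

/* Patched form: the assignment is parenthesised before the comparison. */
static int probe_patched(void)
{
	int ret;

	if ((ret = stub_read_oob()) < 0)
		return ret;
	return 0;
}

/* Form suggested in the reply: assign first, test afterwards. */
static int probe_hoisted(void)
{
	int ret = stub_read_oob();

	return ret < 0 ? ret : 0;
}

/* A caller following the "negative means error" convention. */
static int caller_sees_error(int rc)
{
	return rc < 0;
}

int main(void)
{
	printf("buggy=%d patched=%d hoisted=%d caller_misses_buggy=%d\n",
	       probe_buggy(), probe_patched(), probe_hoisted(),
	       !caller_sees_error(probe_buggy()));
	return 0;
}
```

With the buggy form, a caller that tests for a negative return value treats the failed read as success, and the specific errno is lost even where the failure is noticed.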
