Message-ID: <CAHp75VeLMaqkTi7kysOZf1a+cqts7nfZPCn=UKR1ysREk_0S_g@mail.gmail.com>
Date:	Wed, 7 Jan 2015 22:09:47 +0200
From:	Andy Shevchenko <andy.shevchenko@...il.com>
To:	Giel van Schijndel <me@...tis.eu>
Cc:	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	David Woodhouse <dwmw2@...radead.org>,
	Brian Norris <computersforpeace@...il.com>,
	"open list:MEMORY TECHNOLOGY..." <linux-mtd@...ts.infradead.org>
Subject: Re: [PATCH] Fix error-code overwrite bug

On Wed, Jan 7, 2015 at 9:52 PM, Giel van Schijndel <me@...tis.eu> wrote:
> On Wed, Jan 07, 2015 at 20:37:29 +0200, Andy Shevchenko wrote:
>> On Sun, Jan 4, 2015 at 8:04 PM, Giel van Schijndel <me@...tis.eu> wrote:
>>> Don't overwrite the returned error code with the boolean test used by
>>> the if-statement (otherwise it'd be 1 or 0 always, 1 in the if-block).
>>> ---
>>>  drivers/mtd/nftlmount.c | 2 +-
>>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/drivers/mtd/nftlmount.c b/drivers/mtd/nftlmount.c
>>> index 51b9d6a..1cbeb6b 100644
>>> --- a/drivers/mtd/nftlmount.c
>>> +++ b/drivers/mtd/nftlmount.c
>>> @@ -91,7 +91,7 @@ static int find_boot_record(struct NFTLrecord *nftl)
>>>                 /* To be safer with BIOS, also use erase mark as discriminant */
>>>                 if ((ret = nftl_read_oob(mtd, block * nftl->EraseSize +
>>>                                          SECTORSIZE + 8, 8, &retlen,
>>> -                                        (char *)&h1) < 0)) {
>>> +                                        (char *)&h1)) < 0) {
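Review bot: the assignment is still embedded in the condition at "if ((ret = nftl_read_oob(...", so the position of a single closing parenthesis is all that separates a real error code from a 0/1 boolean. Put "ret = nftl_read_oob(...);" on its own statement and follow it with "if (ret < 0) {", which removes the precedence hazard entirely and makes the same mistake easier to spot elsewhere in the file. The subject line would also be easier to triage with a subsystem prefix, since the change only touches drivers/mtd/nftlmount.c.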
>>
>> Better to move ret = x(); outside of condition. See here:
>> http://permalink.gmane.org/gmane.linux.drivers.mtd/56922
>
> In the sense that this bug wouldn't have occurred when using separate
> assignment and condition checking you're right. It's a style issue
> though, but a relevant one.
>
> So your approach is probably better, though incomplete (like mine), just
> look for the exact same (ret = x() < 0) pattern about 20 lines further
> down the same file. (Yes that's disabled code, but I still believe the
> bug should be fixed considering it's exactly the same class of bug).
>
> So I suggest you resend that ^^ patch you link to with a fix for the
> other instance of the bug fixed as well.

Sounds reasonable. Will do.


-- 
With Best Regards,
Andy Shevchenko
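
Added example, not part of the original message or of the kernel source: a stand-alone C program that reproduces the (ret = x() < 0) pattern discussed above next to the two corrected forms. stub_read_oob and the probe_* functions are hypothetical names, and the example goes slightly beyond the thread by showing what a caller that tests for a negative return would see.

```c
#include <errno.h>
#include <stdio.h>

/* Hypothetical stand-in for a read helper that fails with a negative errno. */
static int stub_read_oob(int fail)
{
    return fail ? -EIO : 0;
}

/* Pattern from the '-' line: '<' binds tighter than '=', so ret = (call < 0). */
static int probe_buggy(int fail)
{
    int ret;

    if ((ret = stub_read_oob(fail) < 0))
        return ret;     /* 1, not -EIO */
    return 0;
}

/* Pattern from the '+' line: parenthesised assignment, then the comparison. */
static int probe_paren(int fail)
{
    int ret;

    if ((ret = stub_read_oob(fail)) < 0)
        return ret;
    return 0;
}

/* Style suggested in the reply: assignment separated from the test. */
static int probe_split(int fail)
{
    int ret;

    ret = stub_read_oob(fail);
    if (ret < 0)
        return ret;
    return 0;
}

int main(void)
{
    printf("buggy=%d paren=%d split=%d\n",
           probe_buggy(1), probe_paren(1), probe_split(1));
    /* A caller testing "< 0" treats the buggy result as success. */
    printf("caller sees failure from buggy form: %s\n",
           probe_buggy(1) < 0 ? "yes" : "no");
    return 0;
}
```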