| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAHpGcMLQGc4HUZEDRKAv2yaH7wwSBBO_jrMA6+=AQ6hb=WrNUg@mail.gmail.com> Date: Fri, 29 May 2015 00:09:38 +0200 From: Andreas Grünbacher <andreas.gruenbacher@...il.com> To: Trond Myklebust <trond.myklebust@...marydata.com> Cc: "J. Bruce Fields" <bfields@...ldses.org>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, Linux FS-devel Mailing List <linux-fsdevel@...r.kernel.org>, Linux NFS Mailing List <linux-nfs@...r.kernel.org> Subject: Re: [RFC v3 36/45] NFSv4: Fix GETATTR bitmap verification 2015-05-28 23:55 GMT+02:00 Trond Myklebust <trond.myklebust@...marydata.com>: >> We already do this kind of check with the existing code. What's wrong with it? > > Actually, you're right, we don't check for the previous word, however > fixing that is a question of adding 2 extra checks in > decode_getfattr_attrs(), one in decode_getfattr_statfs(), and one in > decode_fsinfo(). > > It shouldn't require a rewrite of the entire nfs4xdr.c. I would actually prefer either verifying the reply bitmap against the request bitmap, or checking the bitmap first as this patch does --- the current approach of knocking individual bits over and checking if any "before" bits have been missed isn't exactly what I would take as a textbook example. Thanks, Andreas -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists