lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <alpine.LSU.2.20.1511172348110.13966@nerf40.vanv.qr>
Date:	Tue, 17 Nov 2015 23:48:55 +0100 (CET)
From:	Jan Engelhardt <jengelh@...i.de>
To:	David Miller <davem@...emloft.net>
cc:	tj@...nel.org, pablo@...filter.org, kaber@...sh.net,
	kadlec@...ckhole.kfki.hu, lizefan@...wei.com, hannes@...xchg.org,
	netdev@...r.kernel.org, netfilter-devel@...r.kernel.org,
	coreteam@...filter.org, cgroups@...r.kernel.org,
	linux-kernel@...r.kernel.org, kernel-team@...com,
	daniel@...earbox.net, daniel.wagner@...-carit.de,
	nhorman@...driver.com, gregkh@...uxfoundation.org
Subject: Re: [PATCH 2/5] kernfs: implement kernfs_walk_and_get()


On Tuesday 2015-11-17 22:20, David Miller wrote:
>> +	static char path_buf[PATH_MAX];	/* protected by kernfs_mutex */
>> +	int len = strlen(path);
> ...
>> +	if (len >= PATH_MAX)
>> +		return NULL;
>> +
>> +	memcpy(path_buf, path, len + 1);
>
>	static char path_buf[PATH_MAX];	/* protected by kernfs_mutex */
>	int len = strlcpy(path_buf, path, PATH_MAX);
> ...
>	if (len >= PATH_MAX)
>		return NULL;

	if (len < 0 || len >= PATH_MAX)

strlcpy returns a size_t, which, when coerced into an int, could lead to
negative numbers. In that sense, "size_t len" probably seems like an even
better bet yet.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ