lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1453942708.10099.41.camel@perches.com>
Date:	Wed, 27 Jan 2016 16:58:28 -0800
From:	Joe Perches <joe@...ches.com>
To:	Kees Cook <keescook@...omium.org>, linux-kernel@...r.kernel.org
Cc:	Amitkumar Karwar <akarwar@...vell.com>,
	Nishant Sarmukadam <nishants@...vell.com>,
	Kalle Valo <kvalo@...eaurora.org>,
	Steve French <sfrench@...ba.org>,
	linux-wireless@...r.kernel.org, netdev@...r.kernel.org,
	linux-cifs@...r.kernel.org, samba-technical@...ts.samba.org
Subject: Re: [PATCH] lib: fix callers of strtobool to use char array

On Wed, 2016-01-27 at 16:45 -0800, Kees Cook wrote:
> Some callers of strtobool were passing a pointer to unterminated strings.
> This fixes the issue and consolidates some logic in cifs.

This may be incomplete as it duplicates the behavior for
the old number of characters, but this is not a solution
for the entry of a bool that is "on" or "off".

> diff --git a/fs/cifs/cifs_debug.c b/fs/cifs/cifs_debug.c
[]
> @@ -290,7 +305,8 @@ static ssize_t cifs_stats_proc_write(struct file *file,
>  			}
>  		}
>  		spin_unlock(&cifs_tcp_ses_lock);
> -	}
> +	} else
> +		return rc;

Likely better to reverse the test and unindent the
preceding block.

Otherwise, please make sure to use the general brace
form of when one branch needs braces, the other branch
should have them too.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ