| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 23 Apr 2016 00:05:30 +0300
From: Lasse Collin <lasse.collin@...aani.org>
To: keescook@...omium.org
Cc: aryabinin@...tuozzo.com, peterz@...radead.org, dvlasenk@...hat.com,
linux-kernel@...r.kernel.org, akpm@...ux-foundation.org,
hpa@...or.com, luto@...nel.org, yinghai@...nel.org,
jpoimboe@...hat.com, bp@...e.de, dvyukov@...gle.com,
torvalds@...ux-foundation.org, mingo@...nel.org, bhe@...hat.com,
tglx@...utronix.de, bp@...en8.de, brgerst@...il.com,
luto@...capital.net, hjl.tools@...il.com
Subject: Re: [tip:x86/boot] x86/boot: Make memcpy() handle overlaps
On 2016-04-22 tip-bot for Kees Cook wrote:
> x86/boot: Make memcpy() handle overlaps
>
> Two uses of memcpy() (screen scrolling and ELF parsing) were handling
> overlapping memory areas. While there were no explicitly noticed bugs
> here (yet), it is best to fix this so that the copying will always be
> safe.
>
> Instead of making a new memmove() function that might collide with
> other memmove() definitions in the decompressors, this just makes the
> compressed boot code's copy of memcpy() overlap-safe.
So far lib/decompress_unxz.c is the only decompressor that needs
memmove(). There the local definition is inside #ifndef to make it easy
to omit it and to use another memmove() implementation. It's enough to
do this:
#define memmove memmove
To me it sounds less confusing if a function that works on overlapping
buffers is named memmove() instead of memcpy(). In those places where
buffers can overlap one would then use memmove() so that it's clear to
the reader that overlapping is possible.
--
Lasse Collin | IRC: Larhzu @ IRCnet & Freenode
Powered by blists - more mailing lists