lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20160503214612.GA13289@kroah.com>
Date:	Tue, 3 May 2016 14:46:12 -0700
From:	Greg Kroah-Hartman <greg@...ah.com>
To:	Kangjie Lu <kangjielu@...il.com>
Cc:	Johannes Berg <johannes@...solutions.net>, davem@...emloft.net,
	linux-wireless@...r.kernel.org, linux-kernel@...r.kernel.org,
	netdev@...r.kernel.org, Kangjie Lu <kjlu@...ech.edu>
Subject: Re: [PATCH] fix infoleak in wireless


A: http://en.wikipedia.org/wiki/Top_post
Q: Were do I find info about this thing called top-posting?
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?

A: No.
Q: Should I include quotations after my reply?

http://daringfireball.net/2007/07/on_top

On Tue, May 03, 2016 at 05:41:46PM -0400, Kangjie Lu wrote:
> You are right. But wouldn't it be more general/better if we initialize the
> allocation at very beginning?
> To avoid information leaks, I think we are supposed to initialize all
> allocations properly if 
> we are not sure how they are used.

But the networking maintainers told you to fix the broken drivers
instead.  So please do that and send those patches to the correct
developers and mailing lists.

The fact that only 2 staging drivers got this wrong means that everyone
knows how to use this api properly, so I agree with the maintainers
here.

thanks,


greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ