lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-Id: <20160510115818.8c10904a288b51463de9ef35@kernel.org>
Date:	Tue, 10 May 2016 11:58:18 +0900
From:	Masami Hiramatsu <mhiramat@...nel.org>
To:	Arnaldo Carvalho de Melo <acme@...nel.org>
Cc:	linux-kernel@...r.kernel.org, Namhyung Kim <namhyung@...nel.org>,
	Peter Zijlstra <peterz@...radead.org>,
	Ingo Molnar <mingo@...hat.com>
Subject: Re: [PATCH perf/core v2 5/8] perf header: Make topology checkers to
 check return value of strbuf

On Thu, 5 May 2016 20:55:18 -0300
Arnaldo Carvalho de Melo <acme@...nel.org> wrote:

> Em Sat, Apr 30, 2016 at 12:10:33AM +0900, Masami Hiramatsu escreveu:
> > Make topology checkers to check the return value of strbuf
> > APIs so that it can detect errors in it.
> 
> >  	}
> > @@ -1907,7 +1910,7 @@ static int process_numa_topology(struct perf_file_section *section __maybe_unuse
> >  	u32 nr, node, i;
> >  	char *str;
> >  	uint64_t mem_total, mem_free;
> > -	struct strbuf sb;
> > +	struct strbuf sb = STRBUF_INIT;
> 
> Since you're going to call strbuf_init() later, is the above really
> needed?

Actually, this is for strbuf_release() at the error path at the
end of this function.
----
error:
        strbuf_release(&sb);
        return -1;
}
----

So, without initializing sb, strbuf_release tries to release random
address in sb.buf.
Of course we can just return -1 for such cases and avoid initializing :)

>   
> >  	/* nr nodes */
> >  	ret = readn(fd, &nr, sizeof(nr));
> > @@ -1918,7 +1921,8 @@ static int process_numa_topology(struct perf_file_section *section __maybe_unuse
> >  		nr = bswap_32(nr);
> >  
> >  	ph->env.nr_numa_nodes = nr;
> > -	strbuf_init(&sb, 256);
> > +	if (strbuf_init(&sb, 256) < 0)
> > +		goto error;
> >  


-- 
Masami Hiramatsu <mhiramat@...nel.org>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ