lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20161108154117.GN2664@localhost>
Date:   Tue, 8 Nov 2016 16:41:17 +0100
From:   Johan Hovold <johan@...nel.org>
To:     Oliver Neukum <oneukum@...e.com>
Cc:     Johan Hovold <johan@...nel.org>, linux-usb@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] USB: serial: fix invalid user-pointer checks

On Tue, Nov 08, 2016 at 03:13:13PM +0100, Oliver Neukum wrote:
> On Tue, 2016-11-08 at 13:26 +0100, Johan Hovold wrote:
> > Drop invalid user-pointer checks from ioctl handlers.
> > 
> > A NULL-pointer can be valid in user space and copy_to_user() takes
> > care
> > of sanity checking.
> 
> Shouldn't we bail out early in these cases?

I don't think it's worth it, and this is also the general pattern for
such ioctls. The added overhead for an error case like this is really
negligible.

Thanks,
Johan

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ