lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20171221153314.GC17019@osadl.at>
Date:   Thu, 21 Dec 2017 15:33:14 +0000
From:   Nicholas Mc Guire <der.herr@...r.at>
To:     Lukas Bulwahn <lukas.bulwahn@...il.com>
Cc:     linux-kbuild@...r.kernel.org, sil2review@...ts.osadl.org,
        Masahiro Yamada <yamada.masahiro@...ionext.com>,
        Michal Marek <michal.lkml@...kovi.net>,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] fixdep: exit with error code in error branches of
 do_config_file()

On Wed, Dec 20, 2017 at 09:27:02PM +0100, Lukas Bulwahn wrote:
> do_config_file() should exit with an error code, and not return if it fails
> as then the error in do_config_file() would go unnoticed in the current
> code and allow the build to continue. The exit with error code will make
> the build fail in those very exceptional cases. If this occurs, this
> actually indicates a deeper problem in the execution of the kernel build
> process.
> 
> Now, that the function exists, we do not explicitly free memory and close
> the file handlers in do_config_file(), as this is covered by exit().
> 
> This issue in the fixdep script was present already before its initial
> import into the git repository in 2005 (Linux-2.6.12-rc2). Hence, the Fixes
> tag would be imprecise and we do not include a Fixes tag to this commit.
> 

In that case you simply go into the git history tree - thats what it is there
for https://git.kernel.org/cgit/linux/kernel/git/history/history.git/

The problems fixed here were introduced by Kai Germaschewski on
Jun 5 2002 - so

Fixes: commit 04bd72170653 ("kbuild: Make dependencies at compile time")

> This issue was identified during the review of a previous patch that
> intended to address a memory leak detected by a static analysis tool.
> 
> Link: https://lkml.org/lkml/2017/12/14/736
> 
> Suggested-by: Nicholas Mc Guire <der.herr@...r.at>
> Suggested-by: Masahiro Yamada <yamada.masahiro@...ionext.com>
> Signed-off-by: Lukas Bulwahn <lukas.bulwahn@...il.com>
Reviewed-by: Nicholas Mc Guire <der.herr@...r.at>

> ---
> compile tested on top of next-20171220 with clang and gcc
> 
>  scripts/basic/fixdep.c | 11 +++++------
>  1 file changed, 5 insertions(+), 6 deletions(-)
> 
> diff --git a/scripts/basic/fixdep.c b/scripts/basic/fixdep.c
> index bbf62cb..4274610 100644
> --- a/scripts/basic/fixdep.c
> +++ b/scripts/basic/fixdep.c
> @@ -284,19 +284,18 @@ static void do_config_file(const char *filename)
>  		exit(2);
>  	}
>  	if (st.st_size == 0) {
> -		close(fd);
> -		return;
> +		fprintf(stderr, "fixdep: error empty file config file: ");
> +		perror(filename);
> +		exit(2);

yup ! the .cmd file should never be empty

>  	}
>  	map = malloc(st.st_size + 1);
>  	if (!map) {
>  		perror("fixdep: malloc");
> -		close(fd);
> -		return;
> +		exit(2);
>  	}
>  	if (read(fd, map, st.st_size) != st.st_size) {
>  		perror("fixdep: read");
> -		close(fd);
> -		return;
> +		exit(2);
>  	}
>  	map[st.st_size] = '\0';
>  	close(fd);
> -- 
> 2.7.4
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ