| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20181017084228.725dd349@gandalf.local.home>
Date: Wed, 17 Oct 2018 08:42:28 -0400
From: Steven Rostedt <rostedt@...dmis.org>
To: Jann Horn <jannh@...gle.com>
Cc: Michael Ellerman <mpe@...erman.id.au>,
kernel list <linux-kernel@...r.kernel.org>,
Kernel Hardening <kernel-hardening@...ts.openwall.com>
Subject: Re: [PATCH] seq_buf: Make seq_buf_puts() NULL terminate the buffer
On Wed, 17 Oct 2018 14:26:37 +0200
Jann Horn <jannh@...gle.com> wrote:
> > diff --git a/lib/seq_buf.c b/lib/seq_buf.c
> > index 11f2ae0f9099..b1570204cde3 100644
> > --- a/lib/seq_buf.c
> > +++ b/lib/seq_buf.c
> > @@ -144,9 +144,13 @@ int seq_buf_puts(struct seq_buf *s, const char *str)
> >
> > WARN_ON(s->size == 0);
> >
> > + /* Add 1 to len for the trailing NULL which must be there */
>
> Nit: In the comments, I would prefer either "null byte" or "NUL"
> instead of "NULL" when talking about something that is not a pointer.
>
> > + len += 1;
>
> It looks like you're using an "unsigned int" for the length, meaning
> that this can in theory (e.g. when operating on a string from a big
> vmalloc buffer) overflow. You should be using size_t here.
seq_buf is not meant for gigabytes of data. We'll change it when that
ever happens.
-- Steve
>
> > if (seq_buf_can_fit(s, len)) {
> > memcpy(s->buffer + s->len, str, len);
> > - s->len += len;
> > + /* Don't count the trailing NULL against the capacity */
> > + s->len += len - 1;
> > return 0;
> > }
> > seq_buf_set_overflow(s);
> > --
> > 2.17.1
> >
Powered by blists - more mailing lists