| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 17 Dec 2018 12:02:01 -0800
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: James Bottomley <James.Bottomley@...senpartnership.com>
Cc: ebiggers@...nel.org, James Morris James Morris <jmorris@...ei.org>,
Mimi Zohar <zohar@...ux.vnet.ibm.com>,
Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>,
Peter Huewe <peterhuewe@....de>,
David Howells <dhowells@...hat.com>, keyrings@...r.kernel.org,
Linux List Kernel Mailing <linux-kernel@...r.kernel.org>,
syzkaller-bugs@...glegroups.com
Subject: Re: [PATCH RESEND] KEYS: fix parsing invalid pkey info string
On Mon, Dec 17, 2018 at 11:51 AM James Bottomley
<James.Bottomley@...senpartnership.com> wrote:
>
> If this is to replace Eric's patch, didn't you want to set token_mask
> to (1<<Opt_err)?
No, let's not add any extra code that is trying to be subtle. Subtle
interactions was where the bug came from.
The code already checks the actual Opt_xyz for errors in a switch
statement. The token_mask should be _purely_ about duplicate options
(or conflicting ones).
Talking about the conflicting ones: Opt_hash checks that
Opt_policydigest isn't set. But Opt_policydigest doesn't check that
Opt_hash isn't set, so you can mix the two if you just do it in the
right order.
But that's a separate bug, and doesn't seem to be a huge deal.
But it *is* an example of how bogus all of this stuff is. Clearly
people weren't really paying attention when writing any of this code.
Linus
Powered by blists - more mailing lists