lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <5C9274D9.30706@redhat.com>
Date:   Wed, 20 Mar 2019 12:14:01 -0500
From:   Mike Christie <mchristi@...hat.com>
To:     Colin King <colin.king@...onical.com>,
        "Martin K . Petersen" <martin.petersen@...cle.com>,
        linux-scsi@...r.kernel.org, target-devel@...r.kernel.org
Cc:     kernel-janitors@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH][next] scsi: target: fix unsigned comparision with less
 than zero

On 03/20/2019 11:37 AM, Colin King wrote:
> From: Colin Ian King <colin.king@...onical.com>
> 
> Currently an error return is being assigned to an unsigned
> size_t varianle and then checked if the result is less than
> zero which will always be false.  Fix this by making ret

What kernel version was this made against?

For Martin's 5.2 queue branch, with these scsi changes it looks like
strlcpy returns a size_t. And then below it looks like we compare the
return value from that function to the buffer size and the max len of
the string we support. We do not seem to check for less than zero.


> ssize_t rather than a size_t.
> 
> Fixes: 0322913cab79 ("scsi: target: Add device product id and revision configfs attributes")
> Signed-off-by: Colin Ian King <colin.king@...onical.com>
> ---
>  drivers/target/target_core_configfs.c | 9 ++++++---
>  1 file changed, 6 insertions(+), 3 deletions(-)
> 
> diff --git a/drivers/target/target_core_configfs.c b/drivers/target/target_core_configfs.c
> index 8f3faef235b5..3fe79875b3ac 100644
> --- a/drivers/target/target_core_configfs.c
> +++ b/drivers/target/target_core_configfs.c
> @@ -1267,7 +1267,8 @@ static ssize_t target_wwn_vendor_id_store(struct config_item *item,
>  	/* +2 to allow for a trailing (stripped) '\n' and null-terminator */
>  	unsigned char buf[INQUIRY_VENDOR_LEN + 2];
>  	char *stripped = NULL;
> -	size_t len, ret;
> +	size_t len;
> +	ssize_t ret;
>  
>  	len = strlcpy(buf, page, sizeof(buf));
>  	if (len < sizeof(buf)) {
> @@ -1322,7 +1323,8 @@ static ssize_t target_wwn_product_id_store(struct config_item *item,
>  	/* +2 to allow for a trailing (stripped) '\n' and null-terminator */
>  	unsigned char buf[INQUIRY_MODEL_LEN + 2];
>  	char *stripped = NULL;
> -	size_t len, ret;
> +	size_t len;
> +	ssize_t ret;
>  
>  	len = strlcpy(buf, page, sizeof(buf));
>  	if (len < sizeof(buf)) {
> @@ -1377,7 +1379,8 @@ static ssize_t target_wwn_revision_store(struct config_item *item,
>  	/* +2 to allow for a trailing (stripped) '\n' and null-terminator */
>  	unsigned char buf[INQUIRY_REVISION_LEN + 2];
>  	char *stripped = NULL;
> -	size_t len, ret;
> +	size_t len;
> +	ssize_t ret;
>  
>  	len = strlcpy(buf, page, sizeof(buf));
>  	if (len < sizeof(buf)) {
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ