| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 20 Mar 2019 12:14:01 -0500
From: Mike Christie <mchristi@...hat.com>
To: Colin King <colin.king@...onical.com>,
"Martin K . Petersen" <martin.petersen@...cle.com>,
linux-scsi@...r.kernel.org, target-devel@...r.kernel.org
Cc: kernel-janitors@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH][next] scsi: target: fix unsigned comparision with less
than zero
On 03/20/2019 11:37 AM, Colin King wrote:
> From: Colin Ian King <colin.king@...onical.com>
>
> Currently an error return is being assigned to an unsigned
> size_t varianle and then checked if the result is less than
> zero which will always be false. Fix this by making ret
What kernel version was this made against?
For Martin's 5.2 queue branch, with these scsi changes it looks like
strlcpy returns a size_t. And then below it looks like we compare the
return value from that function to the buffer size and the max len of
the string we support. We do not seem to check for less than zero.
> ssize_t rather than a size_t.
>
> Fixes: 0322913cab79 ("scsi: target: Add device product id and revision configfs attributes")
> Signed-off-by: Colin Ian King <colin.king@...onical.com>
> ---
> drivers/target/target_core_configfs.c | 9 ++++++---
> 1 file changed, 6 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/target/target_core_configfs.c b/drivers/target/target_core_configfs.c
> index 8f3faef235b5..3fe79875b3ac 100644
> --- a/drivers/target/target_core_configfs.c
> +++ b/drivers/target/target_core_configfs.c
> @@ -1267,7 +1267,8 @@ static ssize_t target_wwn_vendor_id_store(struct config_item *item,
> /* +2 to allow for a trailing (stripped) '\n' and null-terminator */
> unsigned char buf[INQUIRY_VENDOR_LEN + 2];
> char *stripped = NULL;
> - size_t len, ret;
> + size_t len;
> + ssize_t ret;
>
> len = strlcpy(buf, page, sizeof(buf));
> if (len < sizeof(buf)) {
> @@ -1322,7 +1323,8 @@ static ssize_t target_wwn_product_id_store(struct config_item *item,
> /* +2 to allow for a trailing (stripped) '\n' and null-terminator */
> unsigned char buf[INQUIRY_MODEL_LEN + 2];
> char *stripped = NULL;
> - size_t len, ret;
> + size_t len;
> + ssize_t ret;
>
> len = strlcpy(buf, page, sizeof(buf));
> if (len < sizeof(buf)) {
> @@ -1377,7 +1379,8 @@ static ssize_t target_wwn_revision_store(struct config_item *item,
> /* +2 to allow for a trailing (stripped) '\n' and null-terminator */
> unsigned char buf[INQUIRY_REVISION_LEN + 2];
> char *stripped = NULL;
> - size_t len, ret;
> + size_t len;
> + ssize_t ret;
>
> len = strlcpy(buf, page, sizeof(buf));
> if (len < sizeof(buf)) {
>
Powered by blists - more mailing lists