| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 20 Mar 2019 17:14:51 +0000
From: Colin Ian King <colin.king@...onical.com>
To: Mike Christie <mchristi@...hat.com>,
"Martin K . Petersen" <martin.petersen@...cle.com>,
linux-scsi@...r.kernel.org, target-devel@...r.kernel.org
Cc: kernel-janitors@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH][next] scsi: target: fix unsigned comparision with less
than zero
On 20/03/2019 17:14, Mike Christie wrote:
> On 03/20/2019 11:37 AM, Colin King wrote:
>> From: Colin Ian King <colin.king@...onical.com>
>>
>> Currently an error return is being assigned to an unsigned
>> size_t varianle and then checked if the result is less than
>> zero which will always be false. Fix this by making ret
>
> What kernel version was this made against?
today's linux-next
>
> For Martin's 5.2 queue branch, with these scsi changes it looks like
> strlcpy returns a size_t. And then below it looks like we compare the
> return value from that function to the buffer size and the max len of
> the string we support. We do not seem to check for less than zero.
>
>
>> ssize_t rather than a size_t.
>>
>> Fixes: 0322913cab79 ("scsi: target: Add device product id and revision configfs attributes")
>> Signed-off-by: Colin Ian King <colin.king@...onical.com>
>> ---
>> drivers/target/target_core_configfs.c | 9 ++++++---
>> 1 file changed, 6 insertions(+), 3 deletions(-)
>>
>> diff --git a/drivers/target/target_core_configfs.c b/drivers/target/target_core_configfs.c
>> index 8f3faef235b5..3fe79875b3ac 100644
>> --- a/drivers/target/target_core_configfs.c
>> +++ b/drivers/target/target_core_configfs.c
>> @@ -1267,7 +1267,8 @@ static ssize_t target_wwn_vendor_id_store(struct config_item *item,
>> /* +2 to allow for a trailing (stripped) '\n' and null-terminator */
>> unsigned char buf[INQUIRY_VENDOR_LEN + 2];
>> char *stripped = NULL;
>> - size_t len, ret;
>> + size_t len;
>> + ssize_t ret;
>>
>> len = strlcpy(buf, page, sizeof(buf));
>> if (len < sizeof(buf)) {
>> @@ -1322,7 +1323,8 @@ static ssize_t target_wwn_product_id_store(struct config_item *item,
>> /* +2 to allow for a trailing (stripped) '\n' and null-terminator */
>> unsigned char buf[INQUIRY_MODEL_LEN + 2];
>> char *stripped = NULL;
>> - size_t len, ret;
>> + size_t len;
>> + ssize_t ret;
>>
>> len = strlcpy(buf, page, sizeof(buf));
>> if (len < sizeof(buf)) {
>> @@ -1377,7 +1379,8 @@ static ssize_t target_wwn_revision_store(struct config_item *item,
>> /* +2 to allow for a trailing (stripped) '\n' and null-terminator */
>> unsigned char buf[INQUIRY_REVISION_LEN + 2];
>> char *stripped = NULL;
>> - size_t len, ret;
>> + size_t len;
>> + ssize_t ret;
>>
>> len = strlcpy(buf, page, sizeof(buf));
>> if (len < sizeof(buf)) {
>>
Powered by blists - more mailing lists