| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <68ca7b7c-100c-0fc0-8819-e1fa891d5414@web.de>
Date: Tue, 15 Oct 2019 07:44:22 +0200
From: Markus Elfring <Markus.Elfring@....de>
To: "J. Bruce Fields" <bfields@...ldses.org>, linux-nfs@...r.kernel.org
Cc: Anna Schumaker <anna.schumaker@...app.com>,
Chuck Lever <chuck.lever@...cle.com>,
Trond Myklebust <trond.myklebust@...merspace.com>,
Aditya Pakki <pakki001@....edu>, Kangjie Lu <kjlu@....edu>,
Navid Emamdoost <emamd001@....edu>,
Stephen McCamant <smccaman@....edu>,
LKML <linux-kernel@...r.kernel.org>
Subject: Re: SUNRPC: Checking a kmemdup() call in xdr_netobj_dup()
>> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/include/linux/sunrpc/xdr.h?id=1c0cc5f1ae5ee5a6913704c0d75a6e99604ee30a#n167
>> https://elixir.bootlin.com/linux/v5.4-rc2/source/include/linux/sunrpc/xdr.h#L167
>>
>> How do you think about to improve it?
>
> On a quick check--I see five xdr_netobj_dup callers, and all of them
> check whether dst->data is NULL.
Your information is appropriate.
https://elixir.bootlin.com/linux/v5.4-rc2/ident/xdr_netobj_dup
Such a Linux source code cross reference can point out that the function “xdr_netobj_dup”
is used only within the source file “fs/nfsd/nfs4state.c” so far.
> Sounds like a false positive for your tool?
This depends on the software development view you would prefer here.
The desired null pointer checks are just not performed by the mentioned
(inline) function itself.
I imagine then that a dedicated macro might help to stress software design constraints.
Regards,
Markus
Powered by blists - more mailing lists