lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <fabccce3c25444bbb5aa51f8c08e9865@bfs.de>
Date:   Tue, 10 Mar 2020 17:57:18 +0000
From:   Walter Harms <wharms@....de>
To:     Dan Carpenter <dan.carpenter@...cle.com>
CC:     "Tigran A. Aivazian" <aivazian.tigran@...il.com>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "kernel-janitors@...r.kernel.org" <kernel-janitors@...r.kernel.org>
Subject: AW: [PATCH] bfs: prevent underflow in bfs_find_entry()


________________________________________
Von: Dan Carpenter <dan.carpenter@...cle.com>
Gesendet: Dienstag, 10. März 2020 10:06
An: Walter Harms
Cc: Tigran A. Aivazian; linux-kernel@...r.kernel.org; kernel-janitors@...r.kernel.org
Betreff: Re: [PATCH] bfs: prevent underflow in bfs_find_entry()

On Mon, Mar 09, 2020 at 08:40:28AM +0000, Walter Harms wrote:
> hi Dan,
> the namelen usage is fishy. It goes into bfs_namecmp()
> where it is checked for namelen < BFS_NAMELEN, leaving
> only the case ==.

The rule in bfs_namecmp() is that the name has to be NUL terminated if
there is enough space.

that raises the question why is there a len paramter in the first place.
Surely the writer can make sure that there is always a NUL terminated
string, then it would be possible the use a simple strcmp() and the
range check is useless and can be removed.

seems a question for the maintainer.

re,
 wh

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ