lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20200310083816.GA11561@kadam>
Date:   Tue, 10 Mar 2020 11:38:16 +0300
From:   Dan Carpenter <dan.carpenter@...cle.com>
To:     Tigran Aivazian <aivazian.tigran@...il.com>
Cc:     LKML <linux-kernel@...r.kernel.org>,
        kernel-janitors@...r.kernel.org
Subject: Re: [PATCH] bfs: prevent underflow in bfs_find_entry()

On Mon, Mar 09, 2020 at 09:14:27AM +0000, Tigran Aivazian wrote:
> Hello Dan,
> 
> On Sat, 7 Mar 2020 at 06:08, Dan Carpenter <dan.carpenter@...cle.com> wrote:
> > -       int namelen = child->len;
> > +       unsigned int namelen = child->len;
> 
> Thank you, that is sensible, but have you actually verified that
> attempting a lookup of a filename longer than 2.2 billion bytes causes
> a problem? If that's the case, then your patch should be considered.
> If not, it would seem to be a waste of time to worry about something
> that cannot ever happen.

As the commit message says, this is just to silence a static checker
warning about checking for upper bounds but ignoring negatives.  The
check has found a number of problems in the past but it becomes less
useful if security reviewers have to sort through a bunch of false
positives.

regards,
dan carpenter

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ