lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Mon, 1 Mar 2021 19:30:07 +0800 (GMT+08:00)
From:   dinghao.liu@....edu.cn
To:     "Jarkko Sakkinen" <jarkko@...nel.org>
Cc:     kjlu@....edu, "Peter Huewe" <peterhuewe@....de>,
        "Jason Gunthorpe" <jgg@...pe.ca>, linux-integrity@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: Re: [PATCH] tpm: Add missing check in tpm_inf_recv



&quot;Jarkko Sakkinen&quot; &lt;jarkko@...nel.org&gt;写道:
> On Sun, Feb 28, 2021 at 05:32:30PM +0800, Dinghao Liu wrote:
> > The use of wait() in tpm_inf_recv() is almost the same. It's odd that
> > we only check the return value and terminate execution flow of one call.
> > 
> > Signed-off-by: Dinghao Liu <dinghao.liu@....edu.cn>
> 
> Is the unchecked return value of wait() the problem? I don't see the
> function even mentioned in the description.
> 

Yes. This issue is reported by my static analysis tool. I think we
should treat wait() equally in this function (check the return value
and return an error code on failure). 

Regards,
Dinghao

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ