| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <YQAm0DOAPxyah0+H@casper.infradead.org>
Date: Tue, 27 Jul 2021 16:31:28 +0100
From: Matthew Wilcox <willy@...radead.org>
To: Al Viro <viro@...iv.linux.org.uk>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
Jordy Zomer <jordy@...ing.systems>,
Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
"Ahmed S. Darwish" <a.darwish@...utronix.de>,
Peter Zijlstra <peterz@...radead.org>,
Eric Biggers <ebiggers@...gle.com>
Subject: Re: [PATCH] fs: make d_path-like functions all have unsigned size
On Tue, Jul 27, 2021 at 03:17:09PM +0000, Al Viro wrote:
> On Tue, Jul 27, 2021 at 04:07:47PM +0100, Matthew Wilcox wrote:
>
> > umm ... what if someone passes in -ENOMEM as buflen? Not saying we
> > have such a path right now, but I could imagine it happening.
> >
> > if (unlikely(buflen < 0))
> > return ERR_PTR(buflen);
> > if (unlikely(buflen > 0x8000)) {
> > buf += buflen - 0x8000;
> > buflen = 0x8000;
> > }
>
> Not really. You don't want ERR_PTR() of random negative numbers to start
> flying around...
yeah. the problem is that we're trying to infer what's actually going
on when the user has (potentially) passed us complete crap. so do
we assume that 'buffer' is good if 'buflen' is >32KB? plausible it
might be. is it still plausibly good if buflen is >4MB? i would say
'no'.
if (unlikely((unsigned)buflen > 4096U * 1024))
return ERR_PTR(-EINVAL);
if (unlikely(buflen > 0x8000)) {
buf += buflen - 0x8000;
buflen = 0x8000;
}
Powered by blists - more mailing lists