| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20210907101705.GH1935@kadam>
Date: Tue, 7 Sep 2021 13:17:05 +0300
From: Dan Carpenter <dan.carpenter@...cle.com>
To: Sergey Senozhatsky <senozhatsky@...omium.org>
Cc: Namjae Jeon <linkinjeon@...nel.org>,
Steve French <sfrench@...ba.org>,
Hyunchul Lee <hyc.lee@...il.com>, linux-cifs@...r.kernel.org,
linux-kernel@...r.kernel.org, kernel-janitors@...r.kernel.org
Subject: Re: [PATCH] ksmbd: remove unnecessary conditions
On Tue, Sep 07, 2021 at 06:59:38PM +0900, Sergey Senozhatsky wrote:
> On (21/09/07 12:14), Dan Carpenter wrote:
> [..]
> > > > >
> > > > > Can make_kuid() return INVALID_UID? IOW, uid_valid(uid) here as well?
> > > >
> > > > No need to check twice. We're going to check at the end.
> > > >
> > > > >
> > > > > > +
> > > > > > + /* If this is an idmapped mount, apply the idmapping. */
> > > > > > + uid = kuid_from_mnt(user_ns, uid);
> > > > > > + if (uid_valid(uid)) {
> > > > ^^^^^^^^^^^^^^
> > > > The check here is sufficient.
> > >
> > > My point was more that a potentially invalid UID is passed to kuid_from_mnt()
> > > and kgid_from_mnt(). I don't see map_id_up(), for example, checking that
> > > passed UID is valid. So decided to double check.
> >
> > But you've seen it now, right?
>
> A linear search in array of 5 elements or a binary search in array of 340
> elements? Yea, I saw it. I'd prefer one extra uid_valid(), if you'd ask
> me - why call the function if we already know that it'll fail.
It's a failure path. Hopefully people will only give us valid data.
We would normally only optimize the failure path if we thought that it
could be used as a DoS vector.
regards,
dan carpenter
Powered by blists - more mailing lists