lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 7 Oct 2021 21:51:06 +0900
From:   Namjae Jeon <linkinjeon@...nel.org>
To:     Colin King <colin.king@...onical.com>
Cc:     Sergey Senozhatsky <senozhatsky@...omium.org>,
        Steve French <sfrench@...ba.org>,
        Hyunchul Lee <hyc.lee@...il.com>,
        Ronnie Sahlberg <lsahlber@...hat.com>,
        linux-cifs@...r.kernel.org, kernel-janitors@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH][next] cifsd: Fix a less than zero comparison with the
 unsigned int nbytes

2021-10-07 21:37 GMT+09:00, Namjae Jeon <linkinjeon@...nel.org>:
> 2021-10-07 20:47 GMT+09:00, Colin King <colin.king@...onical.com>:
>> From: Colin Ian King <colin.king@...onical.com>
>>
>> Currently the check for nbytes < 0 is always false because nbytes
>> is an unsigned int and can never be less than zero.  Fix this by
>> using ret for the assignment and comparison and assigning nbytes
>> to ret later if the check is successful. The fix also passes the
>> error return in ret to the error handling path that caters for
>> various values of ret.
>>
>> Addresses-Coverity: ("Unsigned compared against 0")
>> Fixes: e2f34481b24d ("cifsd: add server-side procedures for SMB3")
> I think that this alarm is caused by 	b66732021c64 (ksmbd: add
> validation in smb2_ioctl).
> Fixes tag may be not needed. Because b66732021c64 patch is not applied
> to Linus' tree yet ?
>> Signed-off-by: Colin Ian King <colin.king@...onical.com>
> Acked-by: Namjae Jeon <linkinjeon@...nel.org>

I found one issue in this patch.
if ret is -EINVAL, Status is changed to STATUS_INVALID_PARAMETER from
STATUS_BUFFER_TOO_SMALL.

static int fsctl_query_iface_info_ioctl(struct ksmbd_conn *conn,
                                        struct smb2_ioctl_rsp *rsp,
                                        unsigned int out_buf_len)
...
        if (!nbytes) {
                rsp->hdr.Status = STATUS_BUFFER_TOO_SMALL;
                return -EINVAL;
        }

>
> Thanks!
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ