lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CAKYAXd824PDidipzYR3ZqP0BkQqi2MXXQRhqZ_OUAO62AtdQXQ@mail.gmail.com>
Date:   Thu, 7 Oct 2021 23:31:12 +0900
From:   Namjae Jeon <linkinjeon@...nel.org>
To:     Dan Carpenter <dan.carpenter@...cle.com>
Cc:     Colin King <colin.king@...onical.com>,
        Sergey Senozhatsky <senozhatsky@...omium.org>,
        Steve French <sfrench@...ba.org>,
        Hyunchul Lee <hyc.lee@...il.com>,
        Ronnie Sahlberg <lsahlber@...hat.com>,
        linux-cifs@...r.kernel.org, kernel-janitors@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH][next] cifsd: Fix a less than zero comparison with the
 unsigned int nbytes

2021-10-07 22:35 GMT+09:00, Dan Carpenter <dan.carpenter@...cle.com>:
> On Thu, Oct 07, 2021 at 09:37:04PM +0900, Namjae Jeon wrote:
>> 2021-10-07 20:47 GMT+09:00, Colin King <colin.king@...onical.com>:
>> >
>> > Fixes: e2f34481b24d ("cifsd: add server-side procedures for SMB3")
>> I think that this alarm is caused by 	b66732021c64 (ksmbd: add
>> validation in smb2_ioctl).
>> Fixes tag may be not needed. Because b66732021c64 patch is not applied
>> to Linus' tree yet ?
>
> If you are going to modify the commit to include this fix then that's
> fine.  Otherise if you are going to apply this commit then the Fixes
> tag is still required.
>
> The fixes tag saves time for backporters because they can automatically
> rule out that this patch needs to be backported.  Or if they backport
> commit b66732021c64 then they know they have to backport the fix as
> well.
>
> Also the Fixes tag is used for other purposes besides backporting.
> It helps review.  It's also an interesting metric to measure how long
> between the bug is introduced and the fix is applied.
Okay, Thanks for your detailed explanation:)
>
> regards,
> dan carpenter
>
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ