Message-ID: <571668.1638347365@warthog.procyon.org.uk>
Date: Wed, 01 Dec 2021 08:29:25 +0000
From: David Howells <dhowells@...hat.com>
To: JeffleXu <jefflexu@...ux.alibaba.com>
Cc: dhowells@...hat.com, linux-cachefs@...hat.com,
Trond Myklebust <trondmy@...merspace.com>,
Anna Schumaker <anna.schumaker@...app.com>,
Steve French <sfrench@...ba.org>,
Dominique Martinet <asmadeus@...ewreck.org>,
Jeff Layton <jlayton@...nel.org>,
Matthew Wilcox <willy@...radead.org>,
Alexander Viro <viro@...iv.linux.org.uk>,
Omar Sandoval <osandov@...ndov.com>,
Linus Torvalds <torvalds@...ux-foundation.org>,
linux-afs@...ts.infradead.org, linux-nfs@...r.kernel.org,
linux-cifs@...r.kernel.org, ceph-devel@...r.kernel.org,
v9fs-developer@...ts.sourceforge.net,
linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 44/64] cachefiles: Implement key to filename encoding
JeffleXu <jefflexu@...ux.alibaba.com> wrote:
> > + /* If the path is usable ASCII, then we render it directly */
> > + if (print) {
> > + len = 1 + keylen + 1;
> > + name = kmalloc(len, GFP_KERNEL);
> > + if (!name)
> > + return false;
> > +
> > + name[0] = 'D'; /* Data object type, string encoding */
> > + name[1 + keylen] = 0;
> > + memcpy(name + 1, key, keylen);
> > + goto success;
> ^
> If we goto success from here,
> ...
> > +
> > +success:
> > + name[len] = 0;
> ^
> then it seems that this will cause an out-of-boundary access.
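
Review bot: In the print branch, len is set to 1 + keylen + 1 and passed to kmalloc() as the buffer size, but name[len] = 0 at the success label treats len as the string length, so the terminator is written one byte past the allocation. Keep len as the length excluding the NUL (len = 1 + keylen), allocate len + 1, and drop name[1 + keylen] = 0, which the write at the success label makes redundant. The other paths that jump to success are elided in this quote, so confirm they use the same convention; a one-line comment at the label saying that len excludes the terminator would document it.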

You're right. I'll change that to:

	len = 1 + keylen;
	name = kmalloc(len + 1, GFP_KERNEL);

and I shouldn't need:

	name[1 + keylen] = 0;

as that's also done after the success label.

David