lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <8faa56ea-c670-9ad2-c3b3-a560f8cf2aaa@gmail.com>
Date:   Fri, 14 Jan 2022 23:15:14 +0300
From:   Pavel Skripkin <paskripkin@...il.com>
To:     Phillip Potter <phil@...lpotter.co.uk>
Cc:     Larry.Finger@...inger.net, straube.linux@...il.com,
        martin@...ser.cx, linux-staging@...ts.linux.dev,
        linux-kernel@...r.kernel.org, gregkh@...uxfoundation.org
Subject: Re: [PATCH v2 7/7] staging: r8188eu: convert DBG_88E calls in
 core/rtw_sta_mgt.c

Hi Phillip,

On 1/14/22 03:32, Phillip Potter wrote:
[...]

>> > @@ -112,7 +112,7 @@ inline int rtw_stainfo_offset(struct sta_priv *stapriv, struct sta_info *sta)
>> >   inline struct sta_info *rtw_get_stainfo_by_offset(struct sta_priv *stapriv, int offset)
>> >   {
>> >   	if (!stainfo_offset_valid(offset))
>> > -		DBG_88E("%s invalid offset(%d), out of range!!!", __func__, offset);
>> > +		pr_debug("invalid offset(%d), out of range!!!", offset);
>> >   	return (struct sta_info *)(stapriv->pstainfo_buf + offset * sizeof(struct sta_info));
>> >   }
>> 
>> Is it safe to proceed with invalid offset? Debug message says it's out of
>> range, so might be we should just return with an error?
>> 
>> 
>> 
>> 
>> With regards,
>> Pavel Skripkin
> 
> I would need to check the code, but good observation. I wanted to limit
> the scope of this series explicitly to DBG_88E calls, but might be worth
> changing this at the same time.
> 

I think, this log without immediate return is not very useful. If code 
writes somewhere OOB it means bomb has been planted. And this message 
can be reworked as "hey, I've placed a small bomb somewhere, please, be 
ready".

I do not mean, that log is useless, I mean log without return is not 
very useful



With regards,
Pavel Skripkin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ