Date:   Fri, 14 Jan 2022 23:15:14 +0300
From:   Pavel Skripkin <paskripkin@...il.com>
To:     Phillip Potter <phil@...lpotter.co.uk>
Cc:     Larry.Finger@...inger.net, straube.linux@...il.com,
        martin@...ser.cx, linux-staging@...ts.linux.dev,
        linux-kernel@...r.kernel.org, gregkh@...uxfoundation.org
Subject: Re: [PATCH v2 7/7] staging: r8188eu: convert DBG_88E calls in
 core/rtw_sta_mgt.c

Hi Phillip,

On 1/14/22 03:32, Phillip Potter wrote:
[...]

>> > @@ -112,7 +112,7 @@ inline int rtw_stainfo_offset(struct sta_priv *stapriv, struct sta_info *sta)
>> >   inline struct sta_info *rtw_get_stainfo_by_offset(struct sta_priv *stapriv, int offset)
>> >   {
>> >   	if (!stainfo_offset_valid(offset))
>> > -		DBG_88E("%s invalid offset(%d), out of range!!!", __func__, offset);
>> > +		pr_debug("invalid offset(%d), out of range!!!", offset);
>> >   	return (struct sta_info *)(stapriv->pstainfo_buf + offset * sizeof(struct sta_info));
>> >   }
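
Review bot: In rtw_get_stainfo_by_offset(), the `if (!stainfo_offset_valid(offset))` branch only logs and then falls through to the `return`, so the function still returns a pointer computed from `stapriv->pstainfo_buf + offset * sizeof(struct sta_info)` using the offset it has just reported as out of range. Suggest returning NULL from that branch, after checking that callers handle NULL, instead of handing back a pointer outside the buffer. Separately, the new `pr_debug()` format string has no trailing `\n`, and dropping `__func__` leaves the message without a function name unless the debug facility is configured to add one.
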
>> 
>> Is it safe to proceed with invalid offset? Debug message says it's out of
>> range, so might be we should just return with an error?
>> 
>> 
>> 
>> 
>> With regards,
>> Pavel Skripkin
> 
> I would need to check the code, but good observation. I wanted to limit
> the scope of this series explicitly to DBG_88E calls, but might be worth
> changing this at the same time.
> 

I think this log without an immediate return is not very useful. If the code 
writes somewhere OOB, it means a bomb has been planted. And this message 
can be reworked as "hey, I've placed a small bomb somewhere, please, be 
ready".

I do not mean that the log is useless; I mean a log without a return is not 
very useful.



With regards,
Pavel Skripkin
