| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <YsYbzgnO2KL9eFvc@bombadil.infradead.org>
Date: Wed, 6 Jul 2022 16:33:34 -0700
From: Luis Chamberlain <mcgrof@...nel.org>
To: Aaron Tomlin <atomlin@...hat.com>
Cc: Christophe Leroy <christophe.leroy@...roup.eu>,
"linux-modules@...r.kernel.org" <linux-modules@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH 2/2] module: Show the last unloaded module's taint flag(s)
On Sun, Jul 03, 2022 at 03:22:18PM +0100, Aaron Tomlin wrote:
> On Tue 2022-06-28 08:47 +0100, Aaron Tomlin wrote:
> > On Tue 2022-06-28 05:54 +0000, Christophe Leroy wrote:
> > > > - /* Store the name of the last unloaded module for diagnostic purposes */
> > > > strlcpy(last_unloaded_module, mod->name, sizeof(last_unloaded_module));
> > > > + strcat(last_unloaded_module, module_flags(mod, buf, false));
> > >
> > > You replace a bounded string copy by an unbounded strict contat.
> > >
> > > Should you use strlcat() instead ?
> >
> > Hi Christophe,
> >
> > Why? If I understand correctly, both the destination and source string are
> > NULL-terminated (see module_flags()). So, strcat() should be sufficient.
>
> Hi Luis,
>
> Any thoughts on this? As far as I can tell, the destination string cannot
> be overwritten; albeit, I can use the safer option if you prefer.
Yeah I don't like this as-is, it makes it not so easy to follow, I'll
reply in my review of your patch now.
Luis
Powered by blists - more mailing lists