lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CAH2r5msJ1ZogypaiiLQ=STiroEXULwJr71_ta_+ZamXSqzxgpA@mail.gmail.com>
Date:   Sat, 18 Feb 2023 09:19:26 -0600
From:   Steve French <smfrench@...il.com>
To:     Namjae Jeon <linkinjeon@...nel.org>
Cc:     Kees Cook <keescook@...omium.org>,
        Steve French <sfrench@...ba.org>, Paulo Alcantara <pc@....nz>,
        Ronnie Sahlberg <lsahlber@...hat.com>,
        Shyam Prasad N <sprasad@...rosoft.com>,
        Tom Talpey <tom@...pey.com>,
        Sergey Senozhatsky <senozhatsky@...omium.org>,
        linux-cifs@...r.kernel.org, samba-technical@...ts.samba.org,
        linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org
Subject: Re: [PATCH v3] smb3: Replace smb2pdu 1-element arrays with flex-arrays

merged into cifs-2.6.git for-next pending testing

On Fri, Feb 17, 2023 at 9:24 PM Namjae Jeon <linkinjeon@...nel.org> wrote:
>
> 2023-02-18 9:24 GMT+09:00, Kees Cook <keescook@...omium.org>:
> > The kernel is globally removing the ambiguous 0-length and 1-element
> > arrays in favor of flexible arrays, so that we can gain both compile-time
> > and run-time array bounds checking[1].
> >
> > Replace the trailing 1-element array with a flexible array in the
> > following structures:
> >
> >       struct smb2_err_rsp
> >       struct smb2_tree_connect_req
> >       struct smb2_negotiate_rsp
> >       struct smb2_sess_setup_req
> >       struct smb2_sess_setup_rsp
> >       struct smb2_read_req
> >       struct smb2_read_rsp
> >       struct smb2_write_req
> >       struct smb2_write_rsp
> >       struct smb2_query_directory_req
> >       struct smb2_query_directory_rsp
> >       struct smb2_set_info_req
> >       struct smb2_change_notify_rsp
> >       struct smb2_create_rsp
> >       struct smb2_query_info_req
> >       struct smb2_query_info_rsp
> >
> > Replace the trailing 1-element array with a flexible array, but leave
> > the existing structure padding:
> >
> >       struct smb2_file_all_info
> >       struct smb2_lock_req
> >
> > Adjust all related size calculations to match the changes to sizeof().
> >
> > No machine code output or .data section differences are produced after
> > these changes.
> >
> > [1] For lots of details, see both:
> >
> > https://docs.kernel.org/process/deprecated.html#zero-length-and-one-element-arrays
> >     https://people.kernel.org/kees/bounded-flexible-arrays-in-c
> >
> > Cc: Steve French <sfrench@...ba.org>
> > Cc: Paulo Alcantara <pc@....nz>
> > Cc: Ronnie Sahlberg <lsahlber@...hat.com>
> > Cc: Shyam Prasad N <sprasad@...rosoft.com>
> > Cc: Tom Talpey <tom@...pey.com>
> > Cc: Namjae Jeon <linkinjeon@...nel.org>
> > Cc: Sergey Senozhatsky <senozhatsky@...omium.org>
> > Cc: linux-cifs@...r.kernel.org
> > Cc: samba-technical@...ts.samba.org
> > Signed-off-by: Kees Cook <keescook@...omium.org>
> Reviewed-by: Namjae Jeon <linkinjeon@...nel.org>
>
> Thanks!



-- 
Thanks,

Steve

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ