| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ZAcDlAkujTLkbrqr@kroah.com> Date: Tue, 7 Mar 2023 10:27:48 +0100 From: Greg KH <gregkh@...uxfoundation.org> To: Xia Fukun <xiafukun@...wei.com> Cc: prajnoha@...hat.com, linux-kernel@...r.kernel.org Subject: Re: [PATCH] kobject: Fix global-out-of-bounds in kobject_action_type() A: http://en.wikipedia.org/wiki/Top_post Q: Were do I find info about this thing called top-posting? A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail? A: No. Q: Should I include quotations after my reply? http://daringfireball.net/2007/07/on_top On Tue, Mar 07, 2023 at 05:08:02PM +0800, Xia Fukun wrote: > Thanks for your reply. > Your understanding is correct."offline\0\0\0\0\0\0\0\0\0\0" is indeed blocked > from matching "offline" and returns a failed result. > > I'm not sure whether to relax the restrictions to make it match successfully. > After all, the incoming count is too large and not the actual length of > "offline". But that doesn't matter at all. Sometimes you do not have control over the buffer length when writing to a file like this, what matters is the content of the buffer and we should stop at the first \0 as that's the "end of a string" in this type of api. So your change here might break existing userspace code, and we can't do that, sorry. thanks, greg k-h
Powered by blists - more mailing lists