| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 7 Mar 2023 17:49:25 +0800
From: Xia Fukun <xiafukun@...wei.com>
To: Greg KH <gregkh@...uxfoundation.org>
CC: <prajnoha@...hat.com>, <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] kobject: Fix global-out-of-bounds in
kobject_action_type()
I know how to modify it to meet your requirements:
for (action = 0; action < ARRAY_SIZE(kobject_actions); action++) {
if (strncmp(kobject_actions[action], buf, count_first) != 0)
continue;
if (strlen(kobject_actions[action]) > count_first)
continue;
if (args)
*args = args_start;
*type = action;
ret = 0;
break;
}
So I will modify the patch and resubmit it. Please review it again
在 2023/3/7 17:27, Greg KH 写道:
>
> On Tue, Mar 07, 2023 at 05:08:02PM +0800, Xia Fukun wrote:
>> Thanks for your reply.
>> Your understanding is correct."offline\0\0\0\0\0\0\0\0\0\0" is indeed blocked
>> from matching "offline" and returns a failed result.
>>
>> I'm not sure whether to relax the restrictions to make it match successfully.
>> After all, the incoming count is too large and not the actual length of
>> "offline".
>
> But that doesn't matter at all. Sometimes you do not have control over
> the buffer length when writing to a file like this, what matters is the
> content of the buffer and we should stop at the first \0 as that's the
> "end of a string" in this type of api.
>
> So your change here might break existing userspace code, and we can't do
> that, sorry.
>
> thanks,
>
> greg k-h
Powered by blists - more mailing lists