| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <mhng-8c6309b5-4ba9-4276-a8e6-2864426e77f0@palmer-ri-x1c9a>
Date: Thu, 01 Jun 2023 13:17:03 -0700 (PDT)
From: Palmer Dabbelt <palmer@...belt.com>
To: keescook@...omium.org
CC: keescook@...omium.org, Paul Walmsley <paul.walmsley@...ive.com>,
ndesaulniers@...gle.com, linux-kernel@...r.kernel.org,
gustavoars@...nel.org, linux@...mhuis.info,
heiko.stuebner@...ll.eu, linux-hardening@...r.kernel.org,
aou@...s.berkeley.edu, linux-riscv@...ts.infradead.org,
joanbrugueram@...il.com, masahiroy@...nel.org,
Conor Dooley <conor.dooley@...rochip.com>,
ajones@...tanamicro.com, hi@...ssa.is
Subject: Re: [PATCH v2] riscv/purgatory: Do not use fortified string functions
On Thu, 01 Jun 2023 11:27:03 PDT (-0700), keescook@...omium.org wrote:
> On Thu, 1 Jun 2023 09:00:28 -0700, Kees Cook wrote:
>> With the addition of -fstrict-flex-arrays=3, struct sha256_state's
>> trailing array is no longer ignored by CONFIG_FORTIFY_SOURCE:
>>
>> struct sha256_state {
>> u32 state[SHA256_DIGEST_SIZE / 4];
>> u64 count;
>> u8 buf[SHA256_BLOCK_SIZE];
>> };
>>
>> [...]
>
> Applied to for-next/hardening, thanks!
>
> [1/1] riscv/purgatory: Do not use fortified string functions
> https://git.kernel.org/kees/c/ca2ca08f479d
Sorry, I'd just applied this to riscv/fixes as well. I can drop it if
you want? I was going to send a PR tomorrow, just LMK.
Powered by blists - more mailing lists