lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <2023061444-latticed-discuss-fa70@gregkh>
Date:   Wed, 14 Jun 2023 22:09:06 +0200
From:   Greg KH <gregkh@...uxfoundation.org>
To:     Xia Fukun <xiafukun@...wei.com>
Cc:     prajnoha@...hat.com, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v7] kobject: Fix global-out-of-bounds in
 kobject_action_type()

On Wed, Jun 14, 2023 at 07:32:38PM +0800, Xia Fukun wrote:
> 
> On 2023/5/18 17:16, Xia Fukun wrote:
> > ---
> > v6 -> v7:
> > -  Move macro UEVENT_KACT_STRSIZE to the .c file to 
> > improve maintainability.
> > 
> 
> Gentle ping ...
> 
> UEVENT_KACT_STRSIZE is defined as the maximum length of the string
> contained in kobject_actions[].
> 
> At present, the maximum length of strings in this array is 7. Based on
> the actual meaning of these strings, these actions will not exceed 16
> if there are any subsequent changes.
> 
> I have submitted v7 of the patch according to your suggestion and
> tested it to ensure its functionality is correct.

It's in my to-review queue, but I was hoping that others would at least
test it out given that the previous versions had so many problems.  I am
loath to do that on my own, sorry.

> Please take the time to review it.

How did you test it?  How have you verified that the previous failures
were caught this time?

You can understand my hesitancy here, right?

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ