Date:   Thu, 22 Jun 2023 11:43:20 +0300
From:   Andy Shevchenko <andriy.shevchenko@...ux.intel.com>
To:     Armin Wolf <W_Armin@....de>
Cc:     Barnabás Pőcze <pobrn@...tonmail.com>,
        Hans de Goede <hdegoede@...hat.com>,
        platform-driver-x86@...r.kernel.org, linux-kernel@...r.kernel.org,
        Mark Gross <markgross@...nel.org>
Subject: Re: [PATCH v1 1/2] platform/x86: wmi: Break possible infinite loop
 when parsing GUID

On Wed, Jun 21, 2023 at 11:50:51PM +0200, Armin Wolf wrote:
> On 21.06.23 at 23:29, Barnabás Pőcze wrote:
> > On Wednesday, June 21, 2023 at 23:20, Armin Wolf <W_Armin@....de> wrote:

[...]

> > > > -		if (WARN_ON(guid_parse(id->guid_string, &driver_guid)))
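Review bot: on the removed `if (WARN_ON(guid_parse(id->guid_string, &driver_guid)))` line, the quote does not show what replaces the check, so confirm the new code still tests the return value of guid_parse() before driver_guid is used. If the warning is dropped on purpose, the commit message should say where a malformed id->guid_string is reported instead.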
> > > 
> > > just an idea: how about printing an error/debug message in case of a
> > > malformed GUID?  This could be useful when searching for typos in GUIDs
> > > used by WMI drivers.

[...]

> > Wouldn't it be better to change `__wmi_driver_register()` to check that?
> 
> Good point, I guess we can just forget this idea. The original motivation for
> it was the WARN_ON() inside wmi_dev_match(), but you're right that this is the
> wrong place to check the GUID formatting.

I'm not sure what you want me to do since patches are tested already.

I think that WARN_ON() is a bit bogus. First of all, it can be easily
transformed to BUG()-equivalent with panic_on_oops and hence kill the
entire system. If we need the message about wrong GUID format, it should
be done elsewhere (modpost ?). I.o.w. we shan't expect that code,
controlled by us, shoots to our foot.

-- 
With Best Regards,
Andy Shevchenko
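
An added example, not part of this message and not code from the patch or the kernel: userspace C that checks GUID string format once over a driver's ID table, the kind of registration-time or build-time check the thread suggests instead of a WARN_ON() in the match path. `struct example_wmi_id`, `guid_string_is_valid()` and `first_bad_guid()` are hypothetical names, and the GUID values are constructed.

```c
#include <ctype.h>
#include <stdio.h>

#define GUID_STRING_LEN 36

/* Hypothetical stand-in for a driver ID table entry (not the kernel struct). */
struct example_wmi_id { const char *guid_string; };

/* Returns 1 if s is exactly xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx (hex), else 0. */
static int guid_string_is_valid(const char *s)
{
	size_t i;

	for (i = 0; i < GUID_STRING_LEN; i++) {
		if (i == 8 || i == 13 || i == 18 || i == 23) {
			if (s[i] != '-')
				return 0;
		} else if (!isxdigit((unsigned char)s[i])) {
			return 0;	/* also stops at an early NUL */
		}
	}
	return s[GUID_STRING_LEN] == '\0';	/* reject trailing characters */
}

/*
 * Walks a table terminated by an empty guid_string and returns the index of
 * the first malformed entry, or -1 if every entry is well formed. The index
 * advances on every pass, so a bad entry cannot stall the walk.
 */
static int first_bad_guid(const struct example_wmi_id *table)
{
	int i;

	for (i = 0; table[i].guid_string && *table[i].guid_string; i++)
		if (!guid_string_is_valid(table[i].guid_string))
			return i;
	return -1;
}

/* Constructed sample tables; the GUID values are made up. */
static const struct example_wmi_id good_table[] = {
	{ "01234567-89AB-CDEF-0123-456789ABCDEF" }, { "" },
};
static const struct example_wmi_id typo_table[] = {
	{ "01234567-89AB-CDEF-0123-456789ABCDEF" },
	{ "01234567-89AB-CDEF-0123-456789ABCDEG" },	/* 'G' is not hex */
	{ "" },
};

int main(void)
{
	printf("first malformed entry: %d\n", first_bad_guid(typo_table));
	return first_bad_guid(good_table) == -1 ? 0 : 1;
}
```

A caller at registration time would turn a non-negative result into an error return and a log line naming the offending string, so the typo is caught once rather than on every match attempt.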

