lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <00bdcfec-6cc1-e521-ceaa-d16d6341ca16@wanadoo.fr>
Date:   Tue, 5 Sep 2023 07:27:47 +0200
From:   Marion & Christophe JAILLET <christophe.jaillet@...adoo.fr>
To:     Herbert Xu <herbert@...dor.apana.org.au>
Cc:     Longfang Liu <liulongfang@...wei.com>,
        "David S. Miller" <davem@...emloft.net>,
        Zaibo Xu <xuzaibo@...wei.com>, linux-kernel@...r.kernel.org,
        kernel-janitors@...r.kernel.org, linux-crypto@...r.kernel.org
Subject: Re: [PATCH] crypto: hisilicon/hpre - Fix a erroneous check after
 snprintf()


Le 05/09/2023 à 04:27, Herbert Xu a écrit :
> On Mon, Sep 04, 2023 at 10:17:29PM +0200, Christophe JAILLET wrote:
>> This error handling looks really strange.
>> Check if the string has been truncated instead.
>>
>> Fixes: 02ab994635eb ("crypto: hisilicon - Fixed some tiny bugs of HPRE")
>> Signed-off-by: Christophe JAILLET <christophe.jaillet@...adoo.fr>
>> ---
>>   drivers/crypto/hisilicon/hpre/hpre_main.c | 2 +-
>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/drivers/crypto/hisilicon/hpre/hpre_main.c b/drivers/crypto/hisilicon/hpre/hpre_main.c
>> index 39297ce70f44..db44d889438a 100644
>> --- a/drivers/crypto/hisilicon/hpre/hpre_main.c
>> +++ b/drivers/crypto/hisilicon/hpre/hpre_main.c
>> @@ -1033,7 +1033,7 @@ static int hpre_cluster_debugfs_init(struct hisi_qm *qm)
>>   
>>   	for (i = 0; i < clusters_num; i++) {
>>   		ret = snprintf(buf, HPRE_DBGFS_VAL_MAX_LEN, "cluster%d", i);
>> -		if (ret < 0)
>> +		if (ret >= HPRE_DBGFS_VAL_MAX_LEN)
>>   			return -EINVAL;
>>   		tmp_d = debugfs_create_dir(buf, qm->debug.debug_root);
> Who is going to free the allocated memory in case of error?

Not sure to understand.

The memory is allocated with devm_kzalloc(), so it will be freed by the 
framework.

Some debugfs dir of file way be left around. Is it what your are talking 
about?

>
> The other snprintf in the same file also looks suspect.

It looks correct to me.

And HPRE_DBGFS_VAL_MAX_LEN being 20, it doesn't really matter. The 
string can't be truncated with just a "%u\n".

CJ

>
> Thanks,

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ