| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 6 Mar 2024 15:55:45 +0100 From: Eric Dumazet <edumazet@...gle.com> To: Jason Xing <kerneljasonxing@...il.com> Cc: Paolo Abeni <pabeni@...hat.com>, Gavrilov Ilia <Ilia.Gavrilov@...otecs.ru>, "David S. Miller" <davem@...emloft.net>, David Ahern <dsahern@...nel.org>, Jakub Kicinski <kuba@...nel.org>, "netdev@...r.kernel.org" <netdev@...r.kernel.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "lvc-project@...uxtesting.org" <lvc-project@...uxtesting.org> Subject: Re: [PATCH net-next] tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function On Wed, Mar 6, 2024 at 12:57 PM Jason Xing <kerneljasonxing@...il.com> wrote: > > Hello Paolo, > > On Wed, Mar 6, 2024 at 7:36 PM Paolo Abeni <pabeni@...hat.com> wrote: > > > > On Wed, 2024-03-06 at 09:57 +0000, Gavrilov Ilia wrote: > > > The 'len' variable can't be negative because all 'min_t' parameters > > > cast to unsigned int, and then the minimum one is chosen. > > > > The above is incorrect, as the 'len' variable is a signed integer > > The 'len' variable should be converted to the non-negative value as > this sentence: > > len = min_t(unsigned int, len, sizeof(int)); > > See the comments of min_t(): return minimum of two values, using the > specified type. > > After executing the above code, it doesn't make sense to test if 'len > < 0', I think. This is essentially dead (defensive ?) code. Most compilers optimize this completely, no big deal.
Powered by blists - more mailing lists