| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 27 Jun 2024 08:50:40 +0200 From: Markus Elfring <Markus.Elfring@....de> To: Ma Ke <make24@...as.ac.cn>, linux-kselftest@...r.kernel.org, Amer Al Shanawany <amer.shanawany@...il.com>, Andrew Morton <akpm@...ux-foundation.org>, Andy Lutomirski <luto@...nel.org>, Kees Cook <kees@...nel.org>, Muhammad Usama Anjum <usama.anjum@...labora.com>, Shuah Khan <shuah@...nel.org>, Swarup Laxman Kotiaklapudi <swarupkotikalapudi@...il.com> Cc: LKML <linux-kernel@...r.kernel.org> Subject: Re: [PATCH v2] selftests/capabilities: Fix possible file leak in copy_fromat_to > … openat() and open() initialize > 'from' and 'to', and only 'from' validated with 'if' statement. Why do you find such information helpful? > If the > initialization of variable 'to' fails, The variable assignment will usually succeed. A stored return value would eventually indicate a failed function call. > we should better check the value > of 'to' and close 'from' to avoid possible file leak. Improve the checking > of 'from' additionally. Please split desired changes into separate update steps. https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/submitting-patches.rst?h=v6.10-rc5#n168 How do you think about to use a summary phrase like “Complete error handling in copy_fromat_to()”? … > --- > Changes in v2: > - modified the patch according to suggestions; > - found by customized static analysis tool. > --- * Would you like to replace a duplicate marker line by a blank line? * I would appreciate further information about the applied tool. Regards, Markus
Powered by blists - more mailing lists