| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <5fecc08a-c3b7-4745-abc9-0f5b4de03c22@web.de>
Date: Mon, 1 Jul 2024 15:01:15 +0200
From: Markus Elfring <Markus.Elfring@....de>
To: Haoxiang Li <make24@...as.ac.cn>, samba-technical@...ts.samba.org,
linux-cifs@...r.kernel.org, kernel-janitors@...r.kernel.org,
Bharath SM <bharathsm@...rosoft.com>, Paulo Alcantara <pc@...guebit.com>,
Ronnie Sahlberg <ronniesahlberg@...il.com>,
Shyam Prasad N <sprasad@...rosoft.com>, Steve French <sfrench@...ba.org>,
Tom Talpey <tom@...pey.com>
Cc: LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] fs: smb: client: Add missing check for kstrdup()
> Add check for kstrdup() in smb3_reconfigure in order to guarantee
checks? calls? ()
> the success of allocation.
I suggest to take further patch/code review concerns better into account.
…
> Signed-off-by: Haoxiang Li <make24@...as.ac.cn>
Will requirements be reconsidered once more for the Developer's Certificate of Origin?
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/submitting-patches.rst?h=v6.10-rc6#n398
How do you think about to use a summary phrase like “Complete error handling
in smb3_reconfigure()”?
…
> +++ b/fs/smb/client/fs_context.c
> @@ -920,6 +920,8 @@ static int smb3_reconfigure(struct fs_context *fc)
> ses->password = kstrdup(ctx->password, GFP_KERNEL);
> kfree_sensitive(ses->password2);
> ses->password2 = kstrdup(ctx->password2, GFP_KERNEL);
> + if (!ses->password || !ses->password2)
> + return ERR_PTR(rc);
> }
…
How do you think about to avoid also a memory leak here?
Regards,
Markus
Powered by blists - more mailing lists