lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20251222105955.16440B52-hca@linux.ibm.com>
Date: Mon, 22 Dec 2025 11:59:55 +0100
From: Heiko Carstens <hca@...ux.ibm.com>
To: Alexander Gordeev <agordeev@...ux.ibm.com>
Cc: Thorsten Blum <thorsten.blum@...ux.dev>,
        Gerald Schaefer <gerald.schaefer@...ux.ibm.com>,
        Vasily Gorbik <gor@...ux.ibm.com>,
        Christian Borntraeger <borntraeger@...ux.ibm.com>,
        Sven Schnelle <svens@...ux.ibm.com>, linux-s390@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] s390/cmm: Account for NUL when calculating 'len' in
 cmm_timeout_handler

On Thu, Dec 18, 2025 at 08:57:24AM +0100, Alexander Gordeev wrote:
> On Mon, Dec 15, 2025 at 01:22:14PM +0100, Thorsten Blum wrote:
> > When the input length 'lenp' equals sizeof(buf), the current code copies
> > all 64 bytes, but then immediately overwrites the last byte with a NUL
> > terminator. Limit the number of bytes to copy to 'sizeof(buf) - 1' to
> > reserve space for the NUL terminator.
> 
> I see you point, but can not see much of the benefit. Besides,
> to me buf[len] = '\0' rings like a past-end-of-the-buffer access
> (although it is not, it feels like that on a cursory look).
> 
> > Signed-off-by: Thorsten Blum <thorsten.blum@...ux.dev>
> > ---
> >  arch/s390/mm/cmm.c | 4 ++--
> >  1 file changed, 2 insertions(+), 2 deletions(-)
> > 
> > diff --git a/arch/s390/mm/cmm.c b/arch/s390/mm/cmm.c
> > index eb7ef63fab1e..06512bc178a5 100644
> > --- a/arch/s390/mm/cmm.c
> > +++ b/arch/s390/mm/cmm.c
> > @@ -311,9 +311,9 @@ static int cmm_timeout_handler(const struct ctl_table *ctl, int write,
> >  	}
> >  
> >  	if (write) {
> > -		len = min(*lenp, sizeof(buf));
> > +		len = min(*lenp, sizeof(buf) - 1);
> >  		memcpy(buf, buffer, len);
> > -		buf[len - 1] = '\0';
> > +		buf[len] = '\0';

Well, I don't see any point at all: the compiler is able to tell the
same and may or may not generate code accordingly to what this patch
tries to improve. This patch is pointless.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ