| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4EAC49D7.2060609@intra2net.com>
Date: Sat, 29 Oct 2011 20:45:43 +0200
From: Thomas Jarosch <thomas.jarosch@...ra2net.com>
To: Marek Lindner <lindner_marek@...oo.de>
CC: b.a.t.m.a.n@...ts.open-mesh.org, netdev@...r.kernel.org
Subject: Logic bug in B.A.T.M.A.N. advanced driver
Hi Marek,
Consider this code from "net/batman-adv/bitarray.c":
int bit_get_packet(void *priv, unsigned long *seq_bits,
int32_t seq_num_diff, int set_mark)
{
...
if ((seq_num_diff >= TQ_LOCAL_WINDOW_SIZE)
|| (seq_num_diff < EXPECTED_SEQNO_RANGE)) {
bat_dbg(DBG_BATMAN, bat_priv,
"We missed a lot of packets (%i) !\n",
seq_num_diff - 1);
bit_reset_window(seq_bits);
if (set_mark)
bit_mark(seq_bits, 0);
return 1;
}
-----------------------------------
The defines from "main.h":
#define TQ_LOCAL_WINDOW_SIZE 64
#define EXPECTED_SEQNO_RANGE 65536
So that if() statement will translate to:
-----------------------------------
if ((seq_num_diff >= 64)
|| (seq_num_diff < 65536)) {
-----------------------------------
and this will always evaluate to true.
Detected by "cppcheck":
"[net/batman-adv/bitarray.c:157]: (warning) Mutual exclusion over ||
always evaluates to true. Did you intend to use && instead?"
Cheers,
Thomas
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists