Message-ID: <CAKU6vyY3WjVwTK5Tcp2W93DefjJMreZjhtudNHBALns=6bK9Jw@mail.gmail.com>
Date:	Wed, 23 Nov 2011 09:04:11 -0500
From:	Xi Wang <xi.wang@...il.com>
To:	Alan Cox <alan@...rguk.ukuu.org.uk>
Cc:	linux-kernel@...r.kernel.org, Joerg Reuter <jreuter@...na.de>,
	Ralf Baechle <ralf@...ux-mips.org>,
	David Miller <davem@...emloft.net>, linux-hams@...r.kernel.org,
	netdev@...r.kernel.org
Subject: Re: [PATCH 1/2] ax25: integer overflows in ax25_setsockopt()

All these magic numbers come from net/ax25/sysctl_net_ax25.c, where
min/max values of each field are set for sysctl.  Is it okay to use
them?

- xi

On Wed, Nov 23, 2011 at 5:44 AM, Alan Cox <alan@...rguk.ukuu.org.uk> wrote:
>>       case AX25_T1:
>> -             if (opt < 1) {
>> +             if (opt < 1 || opt > 30) {
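Review bot: the upper bound 30 in the AX25_T1 check is a bare literal, and nothing in the hunk says where it comes from or how it relates to the integer overflow named in the subject line. If the limit is meant to match the sysctl range in net/ax25/sysctl_net_ax25.c, put it in one shared named constant so the two places cannot drift apart. If the goal is only to stop the overflow, derive the bound from the arithmetic applied to opt after this check (not shown in the quoted lines) and add a comment saying so, so that the check does not also act as an undocumented policy limit on T1.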
>
> Where do these values come from? If they are from some 'standard' then
> really we should avoid restricting needlessly to it, particularly as
> AX.25 isn't well defined and is used for all sorts of crazy stuff where
> the usual range of settings isn't useful.
>
> Restricting to the point it would overflow makes sense however.
>
> Alan
>
>