| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <51355653.9090404@asianux.com>
Date: Tue, 05 Mar 2013 10:20:03 +0800
From: Chen Gang <gang.chen@...anux.com>
To: Jiri Slaby <jslaby@...e.cz>
CC: Jiri Kosina <jkosina@...e.cz>, isdn@...ux-pingi.de,
Greg KH <gregkh@...uxfoundation.org>, alan@...ux.intel.com,
netdev <netdev@...r.kernel.org>
Subject: Re: [PATCH] drivers/isdn: checkng length to be sure not memory overflow
于 2013年02月28日 21:43, Jiri Slaby 写道:
>
> Nah, there *are* still people using ISDN.
>
ok, thanks.
it seems, we need maintaining ISDN:
need fix bugs.
need not add new features.
need keep current features no touch.
> No, we cannot be sure that a user gives us less than that. Your patch
> just throws the rest to fix that overflow, right? What I'm saying I
> wouldn't fix more than that.
what you said is: this patch need improving, is it correct ?
if it is correct.
I still prefer to throw the rest contents (but need improving, too)
for maintaining, we need fix bug, but not need add new features
so what we should do:
a) fix the bug (should not memory overflow)
b) keep the original buffer length no touch
it is not sizeof(cmd.parm.cmsg.para) - 2)
it should be sizeof(cmd.param) - sizeof(cmd.param.cmsg) + sizeof(cmd.param.cmsg.para) - 2
c) need complete the relative document to export the limitation.
is it ok ?
(if it is not ok, welcome to provide suggestion or completion)
thanks.
:-)
--
Chen Gang
Asianux Corporation
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists