| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 05 Mar 2013 10:34:55 +0100 From: Jiri Slaby <jslaby@...e.cz> To: Chen Gang <gang.chen@...anux.com> CC: Jiri Kosina <jkosina@...e.cz>, isdn@...ux-pingi.de, Greg KH <gregkh@...uxfoundation.org>, alan@...ux.intel.com, netdev <netdev@...r.kernel.org> Subject: Re: [PATCH] drivers/isdn: checkng length to be sure not memory overflow On 03/05/2013 03:20 AM, Chen Gang wrote: > 于 2013年02月28日 21:43, Jiri Slaby 写道: >> >> Nah, there *are* still people using ISDN. >> > > ok, thanks. > > it seems, we need maintaining ISDN: > need fix bugs. > need not add new features. > need keep current features no touch. > > >> No, we cannot be sure that a user gives us less than that. Your patch >> just throws the rest to fix that overflow, right? What I'm saying I >> wouldn't fix more than that. > > what you said is: this patch need improving, is it correct ? > if it is correct. > I still prefer to throw the rest contents (but need improving, too) > for maintaining, we need fix bug, but not need add new features > so what we should do: > a) fix the bug (should not memory overflow) > b) keep the original buffer length no touch > it is not sizeof(cmd.parm.cmsg.para) - 2) > it should be sizeof(cmd.param) - sizeof(cmd.param.cmsg) + sizeof(cmd.param.cmsg.para) - 2 > c) need complete the relative document to export the limitation. > > is it ok ? Yes, it is -- just fix the bug with minimal effort. -- js suse labs -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists