| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 21 Oct 2014 21:39:08 -0400 (EDT) From: David Miller <davem@...emloft.net> To: sasha.levin@...cle.com Cc: a.ryabinin@...sung.com, pablo@...filter.org, mschmidt@...hat.com, akpm@...ux-foundation.org, linux-kernel@...r.kernel.org, netdev@...r.kernel.org Subject: Re: [PATCH] netlink: don't copy over empty attribute data From: Sasha Levin <sasha.levin@...cle.com> Date: Tue, 21 Oct 2014 16:51:09 -0400 > netlink uses empty data to seperate different levels. However, we still > try to copy that data from a NULL ptr using memcpy, which is an undefined > behaviour. > > Signed-off-by: Sasha Levin <sasha.levin@...cle.com> This isn't a POSIX C library, this it the Linux kernel, and as such we can make sure none of our memcpy() implementations try to access any bytes if the given length is NULL. And to be quite honest, there is no benefit whatsoever nor even the possibility of using that "undefined behavior" flexibility to do anthing. This is because every memcpy() implementation must be sure not to access past the end of either source or destination buffer. And the one and only way to do that is to respect the length. I'm not applying this, because the basis for which this is claimed to be a bug fix is quite bogus in my opinion. Sorry. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists