| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 14 Jun 2016 14:36:41 -0600
From: subashab@...eaurora.org
To: Heinrich Schuchardt <xypron.glpk@....de>
Cc: eric.dumazet@...il.com, netdev@...r.kernel.org,
netdev-owner@...r.kernel.org
Subject: Re: [RFC] Handle error writing UINT_MAX to u32 fields
On 2016-06-12 20:30, subashab@...eaurora.org wrote:
>> The suggested change would extend the usable range of positive numbers
>> by one bit only. As many systems are 64 bit this does not seem forward
>> looking.
>>
>> I would prefer to have a routine that can handle 64 bit integers with
>> limits (let's call it proc_doint64vec_minmax) which uses fields extra1
>> and extra2 of ctl_table as min and max.
>>
>> Then set xfrm_table[].extra1 = 0 and xfrm_table[].extra2 = UINT_MAX if
>> you need a result in the u32 range.
>>
>
> Thanks Heinrich. Do you think we can use proc_doulongvec_minmax for
> this?
Actually proc_doulongvec_minmax does not work here.
I would expect similar problems due to casting if we use u64
(proc_doint64vec_minmax) here.
static int __do_proc_doulongvec_minmax(void *data, struct ctl_table
*table, int write,
{
unsigned long *i, *min, *max;
int vleft, first = 1, err = 0;
i = (unsigned long *) data; //This cast is causing to read beyond the
size of data (u32)
min = (unsigned long *) table->extra1;
max = (unsigned long *) table->extra2;
vleft = table->maxlen / sizeof(unsigned long); //vleft is 0 because
maxlen is sizeof(u32) which is lesser than sizeof(unsigned long) on
x86_64.
--
Qualcomm Innovation Center, Inc.
The Qualcomm Innovation Center, Inc. is a member of the Code Aurora
Forum, a Linux Foundation Collaborative Project.
Powered by blists - more mailing lists