| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20180624195751.GM19151@ziepe.ca>
Date: Sun, 24 Jun 2018 13:57:51 -0600
From: Jason Gunthorpe <jgg@...pe.ca>
To: Leon Romanovsky <leon@...nel.org>
Cc: Doug Ledford <dledford@...hat.com>,
Leon Romanovsky <leonro@...lanox.com>,
RDMA mailing list <linux-rdma@...r.kernel.org>,
Hadar Hen Zion <hadarh@...lanox.com>,
Matan Barak <matanb@...lanox.com>,
Michael J Ruhl <michael.j.ruhl@...el.com>,
Noa Osherovich <noaos@...lanox.com>,
Raed Salem <raeds@...lanox.com>,
Yishai Hadas <yishaih@...lanox.com>,
Saeed Mahameed <saeedm@...lanox.com>,
linux-netdev <netdev@...r.kernel.org>
Subject: Re: [PATCH rdma-next 06/12] RDMA/uverbs: Don't overwrite NULL
pointer with ZERO_SIZE_PTR
On Sun, Jun 24, 2018 at 11:23:47AM +0300, Leon Romanovsky wrote:
> From: Leon Romanovsky <leonro@...lanox.com>
>
> Number of specs is provided by user and in valid case can be equal to zero.
> Such argument causes to call to kcalloc() with zero-length request and in
> return the ZERO_SIZE_PTR is assigned. This pointer is different from NULL
> and makes various if (..) checks to success.
The one seems really weird. There is nothing wrong with ZERO_SIZE_PTR,
but this description and fix suggest that something did
ptr = kalloc(0);
ptr[0] = ...;
Which is not allowed of course. Doesn't this mean there is also a
missing range check someplace?
Jason
Powered by blists - more mailing lists