lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <f18653bd-f9a2-8a87-49a5-f682038a8477@mojatatu.com>
Date:   Sat, 23 May 2020 06:32:16 -0400
From:   Jamal Hadi Salim <jhs@...atatu.com>
To:     Daniel Borkmann <daniel@...earbox.net>, stephen@...workplumber.org
Cc:     netdev@...r.kernel.org, dsahern@...il.com, aclaudi@...hat.com,
        asmadeus@...ewreck.org
Subject: Re: [PATCH iproute2 v3 0/2] bpf: memory access fixes

On 2020-05-22 9:33 p.m., Daniel Borkmann wrote:
> On 5/18/20 3:00 PM, Jamal Hadi Salim wrote:
>> ping?
>>
>> Note: these are trivial bug fixes.
> 
> Looking at c0325b06382c ("bpf: replace snprintf with asprintf when 
> dealing with long buffers"),
> I wonder whether it's best to just revert and redo cleanly from 
> scratch.. How much testing has
> been performed on the original patch? We know it is causing regressions, 
> and looking Jamal's
> 2nd patch we do have patterns all over the place wrt error path that go 
> like:

Reverting c0325b06382c would work as well..

Note: I believe Andrea's original goal was to just get rid of a
compiler warning from sprintf(). Stephen suggested to use
asprintf. Andrea's original solution to get rid of the compiler
warning would suffice. Maybe then an additional code audit to
ensure consistency on usage of s[n]printf could be done and
resolved separately.

Thanks for taking the time Daniel.

cheers,
jamal

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ