lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <523330e4-cbd7-62a6-9368-417534ddb0b6@suse.com> Date: Thu, 14 Apr 2022 09:31:56 +0200 From: Oliver Neukum <oneukum@...e.com> To: Dan Carpenter <dan.carpenter@...cle.com>, David Kahurani <k.kahurani@...il.com> CC: netdev@...r.kernel.org, syzbot <syzbot+d3dbdf31fbe9d8f5f311@...kaller.appspotmail.com>, davem@...emloft.net, jgg@...pe.ca, kuba@...nel.org, linux-kernel@...r.kernel.org, linux-usb@...r.kernel.org, Phillip Potter <phil@...lpotter.co.uk>, syzkaller-bugs@...glegroups.com, arnd@...db.de, Pavel Skripkin <paskripkin@...il.com> Subject: Re: [PATCH] net: ax88179: add proper error handling of usb read errors On 13.04.22 17:32, Dan Carpenter wrote: > > Bug: buffer partially filled. Information leak. > > If you return the bytes then the only correct way to write error > handling is: > > if (ret < 0) > return ret; > if (ret != size) > return -EIO; > You have to make up your mind on whether you ever need to read answer of a length not known before you try it. The alternative of passing a pointer to an integer for length is worse. Regards Oliver
Powered by blists - more mailing lists