| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <a2240894-1fd0-3444-fd77-a1112ca2b85e@intel.com> Date: Wed, 30 Nov 2022 14:17:42 -0800 From: Jacob Keller <jacob.e.keller@...el.com> To: <maxdev@...teo.de>, <netdev@...r.kernel.org> CC: <BenBE@...hi.org>, <github@...ykng.de> Subject: Re: [PATCH] Ensure check of nlmsg length is performed before actual access On 11/30/2022 2:09 PM, maxdev@...teo.de wrote: > During a brief code review we noticed that the length field expected > inside the payload of the message is accessed before it is ensured that > the payload is large enough to actually hold this field. > > The people mentioned in the commit message helped in the overall code > review. > > Kind regards, > Max Hi, Typically patches would be sent directly as plain text in the email content, and not as an attachment. As this is a fix, you would also typically determine what commit this fixes, and add a "Fixes:" trailer to indicate this. You should also have the subject include either "net" or "net-next" along with PATCH inside the []. As for the patch contents itself, Linux still follows C89 rules for declarations, and you should leave "int len" at the top of the scope, but assign it after the validation check as you do. Thanks, Jake
Powered by blists - more mailing lists