lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <7e61b9e3.e7d98.1898ba72993.Coremail.linma@zju.edu.cn>
Date: Tue, 25 Jul 2023 14:05:35 +0800 (GMT+08:00)
From: "Lin Ma" <linma@....edu.cn>
To: "Leon Romanovsky" <leon@...nel.org>
Cc: kuba@...nel.org, davem@...emloft.net, edumazet@...gle.com, 
	pabeni@...hat.com, ast@...nel.org, martin.lau@...nel.org, yhs@...com, 
	void@...ifault.com, andrii@...nel.org, houtao1@...wei.com, 
	inwardvessel@...il.com, kuniyu@...zon.com, songliubraving@...com, 
	netdev@...r.kernel.org, linux-kernel@...r.kernel.org, 
	bpf@...r.kernel.org
Subject: Re: [PATCH v2] bpf: Add length check for
 SK_DIAG_BPF_STORAGE_REQ_MAP_FD parsing

Hello Leon,

> 
> My concern is related to maintainability in long run. Your check adds
> another layer of cabal knowledge which will be copied/pasted in other
> places.
> 
> Thanks
> 

Yeah, I guess you are right. I guess I should not just *fix* this issue
but also think of the maintainability. The very first idea pop into my
mind is to complete the necessary nla_policy hence the invalid nlattrs
could be rejected at the very first place.

Will spend more time on this.

Regards
Lin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ