Message-ID: <ZMJUBWEPY+QPYg8z@corigine.com>
Date: Thu, 27 Jul 2023 13:24:53 +0200
From: Simon Horman <simon.horman@...igine.com>
To: Dan Carpenter <dan.carpenter@...aro.org>
Cc: Gerrit Renker <gerrit@....abdn.ac.uk>,
	"David S. Miller" <davem@...emloft.net>,
	Eric Dumazet <edumazet@...gle.com>,
	Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
	dccp@...r.kernel.org, netdev@...r.kernel.org,
	kernel-janitors@...r.kernel.org
Subject: Re: [PATCH net] dccp: Allocate enough data in
 ccid_get_builtin_ccids()

On Wed, Jul 26, 2023 at 04:45:03PM +0300, Dan Carpenter wrote:
> On Wed, Jul 26, 2023 at 03:00:37PM +0200, Simon Horman wrote:
> > On Wed, Jul 26, 2023 at 02:56:01PM +0200, Simon Horman wrote:
> > > On Wed, Jul 26, 2023 at 01:47:02PM +0300, Dan Carpenter wrote:
> > > > This is allocating the ARRAY_SIZE() instead of the number of bytes.  The
> > > > array size is 1 or 2 depending on the .config and it should allocate
> > > > 8 or 16 bytes instead.
> > > > 
> > > > Fixes: ddebc973c56b ("dccp: Lockless integration of CCID congestion-control plugins")
> > > > Signed-off-by: Dan Carpenter <dan.carpenter@...aro.org>
> > > 
> > > Reviewed-by: Simon Horman <simon.horman@...igine.com>
> > 
> > Sorry, I was a bit hasty there.
> > 
> > > > --- a/net/dccp/ccid.c
> > > > +++ b/net/dccp/ccid.c
> > > > @@ -48,7 +48,8 @@ bool ccid_support_check(u8 const *ccid_array, u8 array_len)
> > > >   */
> > > >  int ccid_get_builtin_ccids(u8 **ccid_array, u8 *array_len)
> > > >  {
> > > > -       *ccid_array = kmalloc(ARRAY_SIZE(ccids), gfp_any());
> > > > +       *ccid_array = kmalloc_array(ARRAY_SIZE(ccids), sizeof(*ccid_array),
> > > > +                                   gfp_any());
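
Review bot: sizeof(*ccid_array) in the added kmalloc_array() call is the size of a pointer, not of an element. The parameter is declared u8 **ccid_array, so *ccid_array is a u8 * and the buffer it points to holds u8 values, one byte each. The removed kmalloc(ARRAY_SIZE(ccids), gfp_any()) therefore already requests one byte per entry, and the new call only over-allocates by a factor of the pointer size. If kmalloc_array() is kept for its multiplication overflow check, the second argument should be sizeof(**ccid_array).
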
> > 
> > The type of *ccid_array is u8.
> > But shouldn't this be something more like sizeof(struct ccid_operations)
> > or sizeof(ccids[0]) ?
> 
> Aw crud.  Actually the code is fine isn't it.  I thought it was saving
> pointers but actually it's saving char.  *Embarrassing*.

Yeah, looking at this with fresh eyes, I see that you are right.
Let's drop this one.

-- 
pw-bot: rejected

