lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sun, 7 Jan 2024 12:48:11 +0300
From: Fedor Pchelkin <pchelkin@...ras.ru>
To: Vitaly Chikunov <vt@...linux.org>
Cc: Dominique Martinet <asmadeus@...ewreck.org>, 
	Christian Schoenebeck <linux_oss@...debyte.com>, Eric Van Hensbergen <ericvh@...nel.org>, 
	Latchesar Ionkov <lucho@...kov.net>, "David S. Miller" <davem@...emloft.net>, 
	Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, 
	Paolo Abeni <pabeni@...hat.com>, v9fs@...ts.linux.dev, netdev@...r.kernel.org, 
	linux-kernel@...r.kernel.org, Alexey Khoroshilov <khoroshilov@...ras.ru>, 
	lvc-project@...uxtesting.org
Subject: Re: Re: [PATCH v4] net: 9p: avoid freeing uninit memory in
 p9pdu_vreadf

On 24/01/07 10:56AM, Vitaly Chikunov wrote:
> Dominique,
> 
> On Tue, Dec 12, 2023 at 08:21:30AM +0900, Dominique Martinet wrote:
> > Christian Schoenebeck wrote on Thu, Dec 07, 2023 at 01:54:02PM +0100:
> > > I just checked whether this could create a leak, but it looks clean, so LGTM:
> > 
> > Right, either version look good to me.
> 
> Also, there was unnoticed bug in v2[1] - `int i` is moved to outer block
> and `i` counld be used uninitialized inside of `if (errcode) {`.

Could you elaborate, please? As I can see, `i` could be used
uninitialized in `if (errcode) {` only when `*wnames` is not NULL. But
when `*wnames` is not NULL, then `i` is initialized in the `for` loop. It
is a bit tricky and not obvious from the first glance (and not the best
decision after all), so with Christian's advice the patch was rewritten
to v4 which was eventually accepted.

The bug you've noticed exists in v1 of the patch, not v2.

> Thanks,
> 
> [1] https://lore.kernel.org/all/20231205091952.24754-1-pchelkin@ispras.ru/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ