| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1623861.1719875266@famine>
Date: Mon, 01 Jul 2024 16:07:46 -0700
From: Jay Vosburgh <jay.vosburgh@...onical.com>
To: Jakub Kicinski <kuba@...nel.org>
cc: 'Simon Horman' <horms@...nel.org>,
"David S. Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>, Paolo Abeni <pabeni@...hat.com>,
Andy Gospodarek <andy@...yhouse.net>,
Ding Tianhong <dingtianhong@...wei.com>,
Hangbin Liu <liuhangbin@...il.com>,
Sam Sun <samsun1006219@...il.com>, netdev@...r.kernel.org
Subject: Re: [PATCH net v5] bonding: Fix out-of-bounds read in
bond_option_arp_ip_targets_set()
Jakub Kicinski <kuba@...nel.org> wrote:
>On Sun, 30 Jun 2024 14:20:55 +0100 'Simon Horman' wrote:
>> + if (!(strlen(newval->string)) ||
>
>The extra brackets made me look, this really feels like it wants to be
>written as:
>
> if (!newval->string[0] ||
>
>or:
>
> if (strlen(newval->string) < 1 ||
I find the second option clearer, FWIW. This isn't in a hot
path, and including strlen() in there makes it more obvious to my
reading what the intent is. The size_t return from strlen() is
unsigned, so we really want to test the return value for zero-ness.
-J
---
-Jay Vosburgh, jay.vosburgh@...onical.com
Powered by blists - more mailing lists