Suggestion on "int len" sanity

From: XIAO Gang
Date: Wed Jun 01 2005 - 02:07:51 EST



I would like to make a security suggestion.

There are many length variables in the kernel, locally declared as "len" or "length", either as "int", "unsigned int" or "size_t". However, declaring a length as "int" leads easily to an erroneous situation, as the author (or even a code checker) might make the implicit hypothesis that the length is positive, so that it is enough to make a sanity check of the kind

if (length > limit) ERROR;

which is not enough.

On the other hand, when a variable is named "len" or "length", it is usually used for a length and never should go negative. So could I suggest that the declarations of these variables be uniformized to "size_t", via a gradual but systematic cleanup?

--

XIAO Gang (肖刚) xiao@xxxxxxxx
home page: pcmath126.unice.fr/xiao.html
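The situation described in the post, as an added example in C (not code from the post or from the kernel): the one-sided check on an "int" length, the count that memcpy() would actually receive, and the two ways of closing the hole. LIMIT and the function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define LIMIT 16  /* destination buffer size in this constructed example */

/* The flawed form from the post: length declared "int" with only the upper
 * bound checked.  Returns 1 if the length is accepted. */
int check_len_int(int len)
{
	return len > LIMIT ? 0 : 1;   /* every negative value is accepted */
}

/* What memcpy(), whose size parameter is size_t, receives when an accepted
 * int length is passed to it: -1 silently becomes SIZE_MAX. */
size_t as_memcpy_count(int len)
{
	return (size_t)len;
}

/* Minimal repair that keeps the signed type: reject negatives explicitly. */
int check_len_int_fixed(int len)
{
	return (len < 0 || len > LIMIT) ? 0 : 1;
}

/* The suggested form: declare the length size_t.  The original one-sided
 * check is now sufficient, since the bit pattern that was -1 is already a
 * huge unsigned value and fails "len > LIMIT". */
int check_len_size_t(size_t len)
{
	return len > LIMIT ? 0 : 1;
}

int main(void)
{
	int len = -1;   /* constructed: a negative length reaching the check */

	printf("int check accepts %d: %d (memcpy would get %zu bytes)\n",
	       len, check_len_int(len), as_memcpy_count(len));
	printf("int check with negative test accepts %d: %d\n",
	       len, check_len_int_fixed(len));
	printf("size_t check accepts same bits (%zu): %d\n",
	       (size_t)len, check_len_size_t((size_t)len));
	return 0;
}
```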
