Re: Suggestion on "int len" sanity
From: Willy Tarreau
Date: Wed Jun 01 2005 - 15:54:41 EST
On Wed, Jun 01, 2005 at 09:06:33AM +0200, XIAO Gang wrote:
>
> I would like to make a security suggestion.
>
> There are many length variables in the kernel, locally declared as "len"
> or "length", either as "int", "unsigned int" or "size_t". However,
> declaring a length as "int" leads easily to an erroneous situation, as
> the author (or even a code checker) might make the implicite hypothesis
> that the length is positive, so that it is enough to make a sanity check
> of the kind
>
> if (length > limit) ERROR;
>
> which is not enough.
>
> On the other hand, when a variable is named "len" or "length", it is
> usually used for length and never should go negative. So could I suggest
> that the declarations of these variables to be uniformized to "size_t",
> via a gradual but sysmatic cleanup?
Probably true for most cases, but be careful of code which would use
-1 to report some errors if such thing exists.
Willy
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/