Re: [GIT PULL] Fix for Integrity subsystem null pointer deref
From: Dan Carpenter
Date: Wed Oct 29 2014 - 14:36:32 EST
On Wed, Oct 29, 2014 at 09:23:45AM -0700, Andy Lutomirski wrote:
> I have no idea what the semantics are. All I'm saying is that it
> looks like the code still accesses memory past the end of the buffer.
> The buffer isn't a null pointer, so the symptom is different, but it
> may still be a security bug.
>
> --Andy
It only reads one byte into the struct "xattr_data->type" so checking
for non-zero is sufficient and the patch is fine.
I fixed that exact same bug in lustre last week where the xattr size is
not zero but it's less than the size of the struct. So this seems like
maybe it could be a common anti-pattern though.
regards,
dan carpenter
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/