diff for duplicates of <a5515efeaad94666a87f264dbf65bdbd@gmail.com> diff --git a/a/1.txt b/N1/1.txt index a439c23..7b08031 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -19,7 +19,8 @@ This commit fixes or improves a conglomeration of related issues: * The confusion of string lengths for string sizes. OPIOCNEXTPROP -====== +============= + According to NetBSD's documentation, this ioctl is supposed to return a property's *name*. However, until this commit, it has returned a property's *value*; this commit implements the return @@ -29,7 +30,8 @@ In addition, the 'op_buflen' field is now also updated, whereas before it was not. Conversions -===== +=========== + There are a number of different integer types used throughout this code to represent the size of some buffer; this commit introduces some checks to help ensure that these conversions will succeed, or @@ -37,7 +39,8 @@ at least to help ensure that bad conversions will be handled in a meaningful way. Nul-Termination -======= +=============== + Faulty PROMs ------------ @@ -75,7 +78,8 @@ addition, where applicable, strlen() is used to determine a length, rather than relying on a user-supplied value. String Size -===== +=========== + There is an important distinction to be made between the following: * A nul-terminated string's size @@ -202,8 +206,8 @@ index 30b9751aad30..9bc2877aa09a 100644 + if (get_user(oprom_size, &info->oprom_size)) return -EFAULT; -- if (bufsize = 0) -+ if (oprom_size = 0) +- if (bufsize == 0) ++ if (oprom_size == 0) return -EINVAL; + static_assert(SIZE_MAX >= UINT_MAX); @@ -343,7 +347,7 @@ index 30b9751aad30..9bc2877aa09a 100644 - return copyout(argp, op, sizeof(int)); + goto nothing; + - if (op->oprom_array[0] = '\0') { + if (op->oprom_array[0] == '\0') { prop = dp->properties; - if (!prop) - return copyout(argp, op, sizeof(int)); @@ -448,7 +452,7 @@ index 30b9751aad30..9bc2877aa09a 100644 + const size_t size = 1 + strlen(buf); + unsigned int uint_size; + -+ if (unlikely(size = 0)) ++ if (unlikely(size == 0)) + return -EFAULT; // overflow - if (len > bufsize) @@ -481,7 +485,7 @@ index 30b9751aad30..9bc2877aa09a 100644 bufsize = copyin(argp, &opp); + #ifdef CONFIG_DEBUG_KERNEL -+ if (WARN_ON(bufsize = 0)) ++ if (WARN_ON(bufsize == 0)) + bufsize = -EFAULT; + #enif + @@ -496,7 +500,7 @@ index 30b9751aad30..9bc2877aa09a 100644 - if ((ssize_t)len < 0 || (ssize_t)(len + 1) < 0) + // Is this test even necessary? Surely, memdup_user_nul() + // will fail to allocate space in this condition. -+ if (len = SIZE_MAX) ++ if (len == SIZE_MAX) return ERR_PTR(-EINVAL); return memdup_user_nul(user, len); @@ -554,7 +558,7 @@ index 30b9751aad30..9bc2877aa09a 100644 + name_size = 0; + else { + name_size = 1 + strlen(prop->name); -+ if (unlikely(name_size = 0)) ++ if (unlikely(name_size == 0)) + return -EFAULT; // overflow + } + diff --git a/a/content_digest b/N1/content_digest index a527672..04cd837 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -1,6 +1,6 @@ "From\0Michael Witten <mfwitten@gmail.com>\0" "Subject\0[RFC] openprom: Fix 'opiocnextprop'; ensure integer conversions; use string size\0" - "Date\0Fri, 04 Sep 2020 19:40:00 +0000\0" + "Date\0Fri, 04 Sep 2020 19:40:00 -0000\0" "To\0sparclinux@vger.kernel.org" " linux-kernel@vger.kernel.org\0" "\00:1\0" @@ -26,7 +26,8 @@ " * The confusion of string lengths for string sizes.\n" "\n" "OPIOCNEXTPROP\n" - "======\n" + "=============\n" + "\n" "According to NetBSD's documentation, this ioctl is supposed to\n" "return a property's *name*. However, until this commit, it has\n" "returned a property's *value*; this commit implements the return\n" @@ -36,7 +37,8 @@ "before it was not.\n" "\n" "Conversions\n" - "=====\n" + "===========\n" + "\n" "There are a number of different integer types used throughout this\n" "code to represent the size of some buffer; this commit introduces\n" "some checks to help ensure that these conversions will succeed, or\n" @@ -44,7 +46,8 @@ "meaningful way.\n" "\n" "Nul-Termination\n" - "=======\n" + "===============\n" + "\n" "Faulty PROMs\n" "------------\n" "\n" @@ -82,7 +85,8 @@ "length, rather than relying on a user-supplied value.\n" "\n" "String Size\n" - "=====\n" + "===========\n" + "\n" "There is an important distinction to be made between the following:\n" "\n" " * A nul-terminated string's size\n" @@ -209,8 +213,8 @@ "+\tif (get_user(oprom_size, &info->oprom_size))\n" " \t\treturn -EFAULT;\n" " \n" - "-\tif (bufsize = 0)\n" - "+\tif (oprom_size = 0)\n" + "-\tif (bufsize == 0)\n" + "+\tif (oprom_size == 0)\n" " \t\treturn -EINVAL;\n" " \n" "+\tstatic_assert(SIZE_MAX >= UINT_MAX);\n" @@ -350,7 +354,7 @@ "-\t\treturn copyout(argp, op, sizeof(int));\n" "+\t\tgoto nothing;\n" "+\n" - " \tif (op->oprom_array[0] = '\\0') {\n" + " \tif (op->oprom_array[0] == '\\0') {\n" " \t\tprop = dp->properties;\n" "-\t\tif (!prop)\n" "-\t\t\treturn copyout(argp, op, sizeof(int));\n" @@ -455,7 +459,7 @@ "+\tconst size_t size = 1 + strlen(buf);\n" "+\tunsigned int uint_size;\n" "+\n" - "+\tif (unlikely(size = 0))\n" + "+\tif (unlikely(size == 0))\n" "+\t\treturn -EFAULT; // overflow\n" " \n" "-\tif (len > bufsize)\n" @@ -488,7 +492,7 @@ " \t\tbufsize = copyin(argp, &opp);\n" " \n" "+\t#ifdef CONFIG_DEBUG_KERNEL\n" - "+\t\tif (WARN_ON(bufsize = 0))\n" + "+\t\tif (WARN_ON(bufsize == 0))\n" "+\t\t\tbufsize = -EFAULT;\n" "+\t#enif\n" "+\n" @@ -503,7 +507,7 @@ "-\tif ((ssize_t)len < 0 || (ssize_t)(len + 1) < 0)\n" "+\t// Is this test even necessary? Surely, memdup_user_nul()\n" "+\t// will fail to allocate space in this condition.\n" - "+\tif (len = SIZE_MAX)\n" + "+\tif (len == SIZE_MAX)\n" " \t\treturn ERR_PTR(-EINVAL);\n" " \n" " \treturn memdup_user_nul(user, len);\n" @@ -561,7 +565,7 @@ "+\t\tname_size = 0;\n" "+\telse {\n" "+\t\tname_size = 1 + strlen(prop->name);\n" - "+\t\tif (unlikely(name_size = 0))\n" + "+\t\tif (unlikely(name_size == 0))\n" "+\t\t\treturn -EFAULT; // overflow\n" "+\t}\n" "+\n" @@ -632,4 +636,4 @@ "-- \n" 2.22.0 -26193fce2835f3b236a7de6ef6fee49e8092478394fa7a2ac5bc3e31614fd7ad +6d71025e4d6a5cc58ea150a594bb423347936cb6b18494e265363e548be6ded4
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.