Re: Fw: Buffer overflow in CIFS VFS.

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Przemyslaw Wegrzyn <czajnik@czajsoft.pl>
To: Steve French <smfrench@gmail.com>
Cc: Andrew Morton <akpm@linux-foundation.org>,
	LKML <linux-kernel@vger.kernel.org>,
	joern@logfs.org, linux-cifs-client@lists.samba.org
Subject: Re: Fw: Buffer overflow in CIFS VFS.
Date: Sat, 10 Nov 2007 14:03:15 +0100	[thread overview]
Message-ID: <4735AC13.9030206@czajsoft.pl> (raw)
In-Reply-To: <524f69650711091444t4d02e6d8g7dd15dbe2637d714@mail.gmail.com>

Steve French wrote:
> below.   The obvious need is to create an SendReceive-NoResponse (or
> equivalent) which
> frees the SMB request buffer after send, and does not copy into an smb
> response buffer.  The following functions need to be changed to use
>   
How about modifying SendReceive to behave like that if NULL is passed as
output buffer ?

>> Obviously it is up to you, as a maintainer. I'd prefer adding a small
>> header to each buffer with the buffer size and perhaps a type, or even a
>> destructor function pointer. Simple macros could be used to obtain
>> buffer size, given the buffer body pointer, or to dispose the buffer.
>> That would save from checking the buffer type all over the code
>> explicitly, or even worse, make strange assumptions about the type of
>> buffer being passed - as we can see this is error-prone. That for a
>> little cost of a few additional bytes per buffer.
>>     
> That might be better, although without memory pools, this would perform
> much worse
>   
Why ? I don't get your point here.

Przemyslaw

next prev parent reply	other threads:[~2007-11-10 13:03 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <OFA6B04F1D.DE8E7DD9-ON8725738E.00065BC2-8625738E.00066CD4@us.ibm.com>
2007-11-09  2:12 ` Fw: Buffer overflow in CIFS VFS Steve French
2007-11-09 10:59   ` Przemyslaw Wegrzyn
2007-11-09 17:21     ` J. Bruce Fields
2007-11-09 22:44     ` Steve French
2007-11-10 13:03       ` Przemyslaw Wegrzyn [this message]
2007-11-10 19:54         ` Steve French
2007-11-11  0:22           ` Przemyslaw Wegrzyn

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4735AC13.9030206@czajsoft.pl \
    --to=czajnik@czajsoft.pl \
    --cc=akpm@linux-foundation.org \
    --cc=joern@logfs.org \
    --cc=linux-cifs-client@lists.samba.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=smfrench@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox