subject:"Re\: \[PATCH v3 1\/4\] ozwpan\: Use proper check to prevent heap overflow"

Re: [PATCH v3 1/4] ozwpan: Use proper check to prevent heap overflow

2015-05-29 Thread Dan Carpenter

On Fri, May 29, 2015 at 05:20:52PM +0200, Jason A. Donenfeld wrote:
> On Fri, May 29, 2015 at 2:41 PM, Dan Carpenter  
> wrote:
> > Acked-by: Dan Carpenter 
> 
> Acked for the rest of the set too?

Yes.  Thanks.

regards,
dan carpenter

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH v3 1/4] ozwpan: Use proper check to prevent heap overflow

2015-05-29 Thread Jason A. Donenfeld

On Fri, May 29, 2015 at 2:36 PM, Frans Klaver  wrote:
>
> I would say that it is because part of the expression has been placed
> inside parentheses:
>
> a - b + 1 == a - (b - 1)
>
> Guess it makes the decision logic slightly more readable.

Yes, exactly this. It's so that the bounding check conditional prior
looks identical to the actual subtraction, making it much easier to
read and verify.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH v3 1/4] ozwpan: Use proper check to prevent heap overflow

2015-05-29 Thread Jason A. Donenfeld

On Fri, May 29, 2015 at 2:41 PM, Dan Carpenter  wrote:
> Acked-by: Dan Carpenter 

Acked for the rest of the set too?
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH v3 1/4] ozwpan: Use proper check to prevent heap overflow

2015-05-29 Thread Dan Carpenter

Oh.  Duh.  Of course.

Acked-by: Dan Carpenter 

regards,
dan carpenter

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH v3 1/4] ozwpan: Use proper check to prevent heap overflow

2015-05-29 Thread Frans Klaver

Hi,

On Fri, May 29, 2015 at 2:00 PM, Dan Carpenter  wrote:
> On Fri, May 29, 2015 at 01:06:58PM +0200, Jason A. Donenfeld wrote:
>> --- a/drivers/staging/ozwpan/ozusbsvc1.c
>> +++ b/drivers/staging/ozwpan/ozusbsvc1.c
>> @@ -390,10 +390,15 @@ void oz_usb_rx(struct oz_pd *pd, struct oz_elt *elt)
>>   case OZ_GET_DESC_RSP: {
>>   struct oz_get_desc_rsp *body =
>>   (struct oz_get_desc_rsp *)usb_hdr;
>> - int data_len = elt->length -
>> - sizeof(struct oz_get_desc_rsp) + 1;
>> - u16 offs = le16_to_cpu(get_unaligned(&body->offset));
>> - u16 total_size =
>> + u16 offs, total_size;
>> + u8 data_len;
>> +
>> + if (elt->length < sizeof(struct oz_get_desc_rsp) - 1)
>> + break;
>> + data_len = elt->length -
>> + (sizeof(struct oz_get_desc_rsp) - 1);
>
> Gar...  I'm really sorry.  I wanted to Ack these and be done but why did
> the + 1 change to a - 1?  And I had the same question about the other
> patch as well.

I would say that it is because part of the expression has been placed
inside parentheses:

a - b + 1 == a - (b - 1)

Guess it makes the decision logic slightly more readable.

Frans
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH v3 1/4] ozwpan: Use proper check to prevent heap overflow

2015-05-29 Thread Dan Carpenter

On Fri, May 29, 2015 at 01:06:58PM +0200, Jason A. Donenfeld wrote:
> --- a/drivers/staging/ozwpan/ozusbsvc1.c
> +++ b/drivers/staging/ozwpan/ozusbsvc1.c
> @@ -390,10 +390,15 @@ void oz_usb_rx(struct oz_pd *pd, struct oz_elt *elt)
>   case OZ_GET_DESC_RSP: {
>   struct oz_get_desc_rsp *body =
>   (struct oz_get_desc_rsp *)usb_hdr;
> - int data_len = elt->length -
> - sizeof(struct oz_get_desc_rsp) + 1;
> - u16 offs = le16_to_cpu(get_unaligned(&body->offset));
> - u16 total_size =
> + u16 offs, total_size;
> + u8 data_len;
> +
> + if (elt->length < sizeof(struct oz_get_desc_rsp) - 1)
> + break;
> + data_len = elt->length -
> + (sizeof(struct oz_get_desc_rsp) - 1);

Gar...  I'm really sorry.  I wanted to Ack these and be done but why did
the + 1 change to a - 1?  And I had the same question about the other
patch as well.

Sorry for the hassle and thanks for doing this work.

regarsd,
dan carpenter


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH v3 1/4] ozwpan: Use proper check to prevent heap overflow

Re: [PATCH v3 1/4] ozwpan: Use proper check to prevent heap overflow

Re: [PATCH v3 1/4] ozwpan: Use proper check to prevent heap overflow

Re: [PATCH v3 1/4] ozwpan: Use proper check to prevent heap overflow

Re: [PATCH v3 1/4] ozwpan: Use proper check to prevent heap overflow

Re: [PATCH v3 1/4] ozwpan: Use proper check to prevent heap overflow

6 matches

Site Navigation

Mail list logo

Footer information