* Tetsuo Handa (penguin-ker...@i-love.sakura.ne.jp) wrote:
> Mathieu Desnoyers wrote:
> > -   if (used_address && used_address->name_len == msg_sys->msg_namelen &&
> > -       !memcmp(&used_address->name, msg->msg_name,
> > +   if (used_address && msg_sys->msg_name &&
> > +       used_address->name_len == msg_sys->msg_namelen &&
> > +       !memcmp(&used_address->name, msg_sys->msg_name,
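Review bot: The added `msg_sys->msg_name &&` test at the head of the condition has no comment explaining it, and it changes the result for a NULL name: the match now always fails when msg_name is NULL, even if used_address->name_len equals msg_sys->msg_namelen. If NULL can only occur together with a zero msg_namelen, state that invariant in a comment above the `if` or drop the test. The switch of the memcmp() argument from `msg->msg_name` to `msg_sys->msg_name` is the part that has to stay.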
> 
> My mistake. I thought I had typed msg_sys->msg_name.
> Thank you for catching this.

You're welcome.

> 
> > Note that msg_sys can be set to NULL by verify_compat_iovec()
> > or verify_iovec(), which requires additional NULL pointer checks.
> 
> You meant msg_sys->msg_name can be set to NULL, didn't you?

Yes.

> I think msg_sys->msg_name != NULL if msg_sys->msg_namelen != 0.
> Therefore, I think memcpy()/memcmp() are safe without NULL pointer checks.

Yes, that should be fine (just confirmed it by reviewing
verify_*iovec()), but I did not want to take any chances in my fix
implementation. Please feel free to remove the unnecessary checks if
they end up being unrequired. I went for the "obviously safe" approach.

Thanks,

Mathieu

-- 
Mathieu Desnoyers
Operating System Efficiency R&D Consultant
EfficiOS Inc.
http://www.efficios.com

_______________________________________________
stable mailing list
stable@linux.kernel.org
http://linux.kernel.org/mailman/listinfo/stable