[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] xen/build-id: Fix xen_build_id_check() to be robust against malformed notes

On Mon, Dec 31, 2018 at 05:34:25PM +0000, Andrew Cooper wrote:
> A NT_GNU_BUILD_ID with namesz longer than 4 will cause the strncmp() to use
> bytes in adjacent stringtable entries.
> Instead, check for namesz exactly equal to 4, and use memcmp() with an
> explicit size.
> Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

This LGTM:

Reviewed-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>

Albeit I wonder the usefulness of some of the checks performed by this

I'm not sure the point of the 'n->namesz + n->descsz < n->namesz'
check, I assume this is an overflow check. And then 'n->namesz +
n->descsz > n_sz - sizeof(*n)' should rather be 'n->namesz + n->descsz
!= n_sz - sizeof(*n)' I think.

Thanks, Roger.

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.