> + th.td_id = ntohs(*(u16 *) (blob));
> + th.td_flags = ntohs(*(u16 *) (blob + 2));
> + th.td_lolen = ntohl(*(u32 *) (blob + 8));
Use cpu_to and _to_cpu functions for here so it is clear the intended
direction and endianness.
> +
> +static inline int aa_inbounds(struct aa_ext *e, size_t size)
> +{
> + return (e->pos + size <= e->end);
> +}
Can e->pos + size ever overflow. If so this check isn't safe.
> + * aa_unpack_profile - unpack a serialized profile
> + * @e: serialized data extent information
> + * @error: error code returned if unpacking fails
> + */
> +static struct aa_profile *aa_unpack_profile(struct aa_ext *e)
> +{
> + struct aa_profile *profile = NULL;
> +
> + /* get optional subprofiles */
> + if (aa_is_nameX(e, AA_LIST, "hats")) {
> + while (!aa_is_nameX(e, AA_LISTEND, NULL)) {
> + struct aa_profile *subprofile;
> + subprofile = aa_unpack_profile(e);
> + if (IS_ERR(subprofile)) {
What bounds recursion here on invalid input ?
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
