Re: [PATCH v3] ssb: Fix potential NULL pointer dereference in ssb_device_uevent

From: Rand Deeb
Date: Fri Mar 08 2024 - 07:11:33 EST

Next message: Stefan Berger: "Re: [PATCH v5 01/12] crypto: ecdsa - Convert byte arrays with key coordinates to digits"
Previous message: patchwork-bot+netdevbpf: "Re: [PATCH net 0/8] There are some bugfix for the HNS3 ethernet driver"
In reply to: Michael Büsch: "Re: [PATCH v3] ssb: Fix potential NULL pointer dereference in ssb_device_uevent"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Mar 8, 2024 at 4:05 AM James Dutton <james.dutton@xxxxxxxxx> wrote:
> The reason it is probably not a good design is what comes later.
> Another developer comes along and says I see a nice SUM(a, b);
> function that I would like to re-use in my new function I am adding.
> But that new developer introduces a bug whereby they have implemented
> their CHECK(a) wrongly which results in SUM(a, b) now being a security
> exploit point because of some very subtle bug in CHECK(a) that no one
> noticed initially.
> After a while, we might have ten functions that all re-use SUM(a, b)
> at which point it becomes too time consuming for someone to check all
> ten functions don't have bugs in their CHECK(a) steps.
> It is always easier for the safety checks to be done as close as
> possible to the potential exploit point (e.g. NULL pointer
> dereference) so that it catches all future cases of re-use of the
> function.
> For example, there exist today zero day exploits in the Linux wireless
> code that is due to the absence of these checks being done at the
> exploit point.
> The biggest problem with all this, is if I sutily (without wishing to
> give away that it is to fix a zero day exploit) submitted a patch to
> do an extra check in SUM(a, b) that I know prevents a zero day
> exploit, my patch would be rejected.

Hi James,

Thank you very much for your detailed and interesting interaction. In fact,
while I was writing the example, I expected such a comment :)

The example is just an explanation, do not take it literally, but it is
definitely better than the second method. Now, if the developer makes a
mistake using the function, this is possible, but this is not a convincing
reason to add redundant code everywhere. In addition mistakes could occur
in all scenarios.

I agree with you in general, but I will answer you in simple statements:

For this reason, modification permission should not be granted to anyone,
and for this reason there are reviewers and documentation. In the end,
Somehow, software engineering concepts are applied because this is one of
the most important projects and not a calculator project as homework for
the university.

Best Regards

Next message: Stefan Berger: "Re: [PATCH v5 01/12] crypto: ecdsa - Convert byte arrays with key coordinates to digits"
Previous message: patchwork-bot+netdevbpf: "Re: [PATCH net 0/8] There are some bugfix for the HNS3 ethernet driver"
In reply to: Michael Büsch: "Re: [PATCH v3] ssb: Fix potential NULL pointer dereference in ssb_device_uevent"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]