On Saturday 01 April 2006 04:35, Mitchell Blank Jr wrote:
> * I also changed "size" to be unsigned since that makes more sense and
>   is less prone to overflow bugs. I'm also a little scared by the
>   "kmalloc(6 * size)" since that type of call is a classic multiply-overflow
>   security hole (hence libc's calloc() API). However "size" is constrained
>   by fdt->max_fdset so I think it isn't exploitable. The kernel doesn't
>   have an overflow-safe API for kmalloc'ing arrays, does it?

kcalloc. But it's slow since it memsets.

-Andi

Received on Sat Apr 01 13:44:56 2006
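The multiply-overflow concern raised in this thread, as an added userspace example that is not code from either poster or from the kernel: it shows how an unchecked "6 * size" wraps and how a checked array allocation can reject the request without the zeroing cost of calloc()/kcalloc(). The names demo_size_t, unchecked_bytes, checked_bytes and alloc_array are hypothetical, and the size type is fixed at 32 bits as an assumption so the wraparound is identical on every host.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumption for the demo: a 32-bit size type (the kernel uses size_t). */
typedef uint32_t demo_size_t;

/* The pattern from the thread: the product is computed with no check. */
static demo_size_t unchecked_bytes(demo_size_t n, demo_size_t elem)
{
    return n * elem;                    /* wraps modulo 2^32 */
}

/* Stores n * elem in *out and returns 0, or returns -1 if it would wrap. */
static int checked_bytes(demo_size_t n, demo_size_t elem, demo_size_t *out)
{
    if (elem != 0 && n > UINT32_MAX / elem)
        return -1;
    *out = n * elem;
    return 0;
}

/* Hypothetical helper: overflow-checked array allocation that does not
 * zero the memory, unlike calloc()/kcalloc(). */
static void *alloc_array(demo_size_t n, demo_size_t elem)
{
    demo_size_t bytes;

    if (checked_bytes(n, elem, &bytes) != 0)
        return NULL;                    /* refuse instead of under-allocating */
    return malloc(bytes);
}

int main(void)
{
    demo_size_t size = 0x2AAAAAABu;     /* constructed: 6 * size = 2^32 + 2 */
    void *p;

    printf("unchecked 6 * size = %u bytes\n", (unsigned)unchecked_bytes(size, 6));
    p = alloc_array(size, 6);
    printf("checked allocation: %s\n", p ? "allocated" : "rejected");
    free(p);
    return 0;
}
```

The unchecked product here is 2 bytes, so a caller that then wrote "size" elements would run far past the buffer; the checked helper fails the allocation instead.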