[PATCH v3 2/3] KEYS: Avoid false positive ENOMEM error on key read

Waiman Long longman at redhat.com
Tue Mar 17 18:36:50 UTC 2020


On 3/15/20 5:32 PM, Jarkko Sakkinen wrote:
> On Fri, Mar 13, 2020 at 11:21:01AM -0400, Waiman Long wrote:
>> -		 * Read methods will just return the required length
>> -		 * without any copying if the provided length isn't big
>> -		 * enough.
>> +		 * We don't want an erronous -ENOMEM error due to an
>> +		 * arbitrary large user-supplied buflen. So if buflen
>> +		 * exceeds a threshold (1024 bytes in this case), we call
>> +		 * the read method twice. The first time to get the buffer
>> +		 * length and the second time to read out the key data.
>> +		 *
>> +		 * N.B. All the read methods will return the required
>> +		 *      buffer length with a NULL input buffer or when
>> +		 *      the input buffer length isn't large enough.
>>  		 */
>> +		if (buflen <= 0x400) {
> 1. The overwhelmingly long comment. Will be destined to rotten.
> 2. Magic number.
> 3. The cap must be updated both in comment and code, and not only
>    that, but the numbers use a different base (dec and hex).
>
> /Jarkko
>
Thank for the comment. I will make the necessary change.

Cheers,
Longman



More information about the Linux-security-module-archive mailing list