[PATCH v3 2/3] KEYS: Avoid false positive ENOMEM error on key read
Waiman Long
longman at redhat.com
Tue Mar 17 18:36:50 UTC 2020
On 3/15/20 5:32 PM, Jarkko Sakkinen wrote:
> On Fri, Mar 13, 2020 at 11:21:01AM -0400, Waiman Long wrote:
>> - * Read methods will just return the required length
>> - * without any copying if the provided length isn't big
>> - * enough.
>> + * We don't want an erronous -ENOMEM error due to an
>> + * arbitrary large user-supplied buflen. So if buflen
>> + * exceeds a threshold (1024 bytes in this case), we call
>> + * the read method twice. The first time to get the buffer
>> + * length and the second time to read out the key data.
>> + *
>> + * N.B. All the read methods will return the required
>> + * buffer length with a NULL input buffer or when
>> + * the input buffer length isn't large enough.
>> */
>> + if (buflen <= 0x400) {
> 1. The overwhelmingly long comment. Will be destined to rotten.
> 2. Magic number.
> 3. The cap must be updated both in comment and code, and not only
> that, but the numbers use a different base (dec and hex).
>
> /Jarkko
>
Thank for the comment. I will make the necessary change.
Cheers,
Longman
More information about the Linux-security-module-archive
mailing list