From: "Ahmed S. Darwish" <darwish.07@gmail.com>
To: "Jakob Oestergaard" <jakob@unthought.net>
Cc: "Casey Schaufler" <casey@schaufler-ca.com>,
akpm@osdl.org, torvalds@osdl.org,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org, "Al Viro" <viro@ftp.linux.org.uk>
Subject: Re: [PATCH] Smackv10: Smack rules grammar + their stateful parser(2)
Date: Sat, 10 Nov 2007 21:45:06 +0200 [thread overview]
Message-ID: <1865922a0711101145g768fe96p74b400e31f4120a1@mail.gmail.com> (raw)
In-Reply-To: <20071110170557.GA21977@unthought.net>
On Nov 10, 2007 7:05 PM, Jakob Oestergaard <jakob@unthought.net> wrote:
> ...
> > I've double-checked the code for any possible off-by-one/overflow
> > errors.
> ...
>
> Two things caught my eye.
>
> ...
> > + case bol:
> > + case subject:
> > + if (*label_len >= SMK_MAXLEN)
> > + goto out;
> > + subjectstr[(*label_len)++] = data[i];
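Review bot: the guard on the subjectstr write is only correct if subjectstr has SMK_MAXLEN + 1 bytes, because a label of exactly SMK_MAXLEN stored bytes still needs room for the '\0' written when the state changes; that size relationship belongs in a comment at the check. Since *label_len is reset to 0 at each label boundary and incremented once per stored byte, it can reach SMK_MAXLEN but never exceed it, so `==` expresses the real invariant where `>=` reads as if an overshoot were possible.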
>
> Why is the '>' necessary? Could it happen that you had incremented past the
> point of equality?
>
> If that could not happen, then in my opinion '>=' is very misleading when '=='
> is really what is needed.
>
Indeed, you're absolutely right.
> ...
> > + case object:
> > + if (*prevstate == blank) {
> > + subjectstr[*label_len] = '\0';
> > + *label_len = 0;
> > + }
>
> I wonder why it is valid to uncritically use the already incremented label_len
> here, without checking its value (like is done above).
>
> It seems strangely asymmetrical. I'm not saying it's wrong, because there may
> be a subtle reason as to why it's not, but if that's the case then I think that
> subtle reason should be documented with a comment.
>
The maximum value label_len could reach is "SMK_MAXLEN". The subjectstr
and objectstr arrays are of "SMK_MAXLEN + 1" length. So I think there is
no danger here.
Yes, this deserved a comment.
> ...
> > + case access:
> > + if (*prevstate == blank) {
> > + objectstr[*label_len] = '\0';
> > + *label_len = 0;
> > + }
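Review bot: this terminator store and the identical one in the object case both rely on a bound enforced elsewhere (the SMK_MAXLEN check shown before the subjectstr store, and its objectstr counterpart) together with the label buffers being SMK_MAXLEN + 1 bytes long, and neither site says so. Move the terminate-and-reset pair into one small helper whose comment states that invariant, so a later change to either the bound or the array size cannot leave the '\0' store out of bounds.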
>
> Same applies here.
>
> / jakob
>
Good spots, thanks a lot for the review.
Regards,
--
Ahmed S. Darwish
Homepage: http://darwish.07.googlepages.com
Blog: http://darwish-07.blogspot.com
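A stand-alone C sketch of the bounded label copy discussed in this thread, added here as an illustration and not code from the Smack patch: it uses '==' as the exact bound and a shared finish_label() so the "SMK_MAXLEN + 1" buffer invariant lives in one place. The value of SMK_MAXLEN, the field layout and the helper names are assumptions.

```c
#include <stddef.h>
#include <string.h>
#define SMK_MAXLEN 23   /* assumed bound standing in for Smack's SMK_MAXLEN */
enum { SUBJECT, OBJECT, ACCESS, NFIELDS };

/* Append one byte to the current label. label_len is reset to 0 at each field
 * boundary and grows by one per call, so '==' is the exact bound, not '>='. */
static int store_byte(char *buf, size_t *label_len, char c)
{
    if (*label_len == SMK_MAXLEN)
        return -1;                       /* label would exceed SMK_MAXLEN */
    buf[(*label_len)++] = c;
    return 0;
}
/* Terminate the collected label. No bound check is needed: store_byte() caps
 * label_len at SMK_MAXLEN and every label buffer has SMK_MAXLEN + 1 bytes. */
static void finish_label(char *buf, size_t *label_len)
{
    buf[*label_len] = '\0';
    *label_len = 0;
}
/* Parse "subject object access" (blank-separated, optional trailing newline).
 * Returns 0 on success, -1 if a label is missing, too long or followed by text. */
int parse_rule(const char *data, size_t len, char out[NFIELDS][SMK_MAXLEN + 1])
{
    size_t i, label_len = 0;
    int field = SUBJECT, in_label = 0;
    for (i = 0; i < len && data[i] != '\n'; i++) {
        if (data[i] == ' ' || data[i] == '\t') { /* field boundary */
            if (in_label)
                finish_label(out[field++], &label_len);
            in_label = 0;
            continue;
        }
        if (field == NFIELDS || store_byte(out[field], &label_len, data[i]) < 0)
            return -1;                       /* extra text or over-long label */
        in_label = 1;
    }
    if (in_label)
        finish_label(out[field++], &label_len);
    return field == NFIELDS ? 0 : -1;
}
/* Parse a line and compare the three fields; 1 on match, 0 otherwise. */
int rule_matches(const char *line, const char *s, const char *o, const char *a)
{
    char out[NFIELDS][SMK_MAXLEN + 1];
    return parse_rule(line, strlen(line), out) == 0 && !strcmp(out[SUBJECT], s) &&
           !strcmp(out[OBJECT], o) && !strcmp(out[ACCESS], a);
}
```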