#nixos-on-your-router on 2021-02-01

2019-08-19 13:17 eyJhb changed the topic of #nixos-on-your-router to: NixOS on your Router || https://logs.nix.samueldr.com/nixos-on-your-router

01:34 gchristensen has joined #nixos-on-your-router

01:34 {^_^} has joined #nixos-on-your-router

01:47 gchristensen has quit [Quit: WeeChat 2.9]

01:47 {^_^} has quit [Remote host closed the connection]

01:49 gchristensen has joined #nixos-on-your-router

01:49 {^_^} has joined #nixos-on-your-router

03:57 v0|d has quit [Ping timeout: 272 seconds]

07:58 teto has quit [Quit: WeeChat 3.0]

08:25 <NinjaTrappeur> ttps://store.alternativebit.fr/84e46a167e0dc55b90e70dacdf619007afcec5a92db6d61fdf99b3610a73d20e-UjwWiEY.png

08:25 <NinjaTrappeur> https://store.alternativebit.fr/84e46a167e0dc55b90e70dacdf619007afcec5a92db6d61fdf99b3610a73d20e-UjwWiEY.png

08:25 <NinjaTrappeur> Famous last words :P

08:34 <NinjaTrappeur> hexa-: everytime I dig into that codebase, it ends up being a pretty unpleasant experience. It always makes me uneasy to know so much of the ecosystem relies on that piece of software.

08:46 <NinjaTrappeur> WTF: https://github.com/NixOS/nixpkgs/pull/111498#issuecomment-770682814

08:46 <NinjaTrappeur> ^ does anybody here have an answer to that?

09:59 <hexa-> NinjaTrappeur: anything suspicious about that particular line?

10:06 <NinjaTrappeur> I was confused by the not-NULLed initializer.

10:07 <NinjaTrappeur> It was NULLed before this patch.

10:08 <NinjaTrappeur> After investigating this, it does not seem that we use this NULL anywhere. We loop through the capabilities using num_item.

10:09 <NinjaTrappeur> The part that still confuses me is the fact the capabilities array get init. to NULL here https://www.spinics.net/lists/hostap/msg06611.html while it does not there: https://w1.fi/cgit/hostap/patch/?id=7800725afb27397f7d6033d4969e2aeb61af4737

10:09 <hexa-> ah lol

10:09 <NinjaTrappeur> I was confused: both patches are claiming to come from the same email. andi- suggested the maintainer might have altered the patch.

10:10 <NinjaTrappeur> As long as we do not use NULL in any way to detect the boundary of the array, we'lle be ok.

10:10 <hexa-> yep, quite plausible

10:10 <hexa-> as long as we apply upstream patches :)

10:11 <andi-> that being all said I think the code is actually fine the way it is written. It is just a maint. burden I wouldn't want to have when mainting it..

10:11 <NinjaTrappeur> Paranoid me added a note to my local git checkout to double check we still do not rely on NULL for boundary detection before next release.

10:11 <NinjaTrappeur> yeah, sure. I was mostly worried about a vulnerability injected upstream here.

10:15 <andi-> as long as num_items fits into credentials we are fine as the function reading from the array actually doesn't check for NULL termination but takes the count

10:17 <andi-> It is a bit unfortunate that the array is the first thing on the stack as that means you could read/write into the other local variables but those aren't used after/while the array is written/send.

11:12 flokli has joined #nixos-on-your-router

11:16 <hexa-> https://github.com/NixOS/nixpkgs/pull/111531

11:16 <{^_^}> #111531 (by peterhoeg, 2 hours ago, open): firewall: support multicast

11:17 <hexa-> can we have more opinions here? I think a blanked multicast/broadcast accept feels a bit odd.

11:17 <hexa-> s/blanked/blanket/

18:10 thefloweringash has quit [Ping timeout: 244 seconds]

18:24 thefloweringash has joined #nixos-on-your-router

20:18 higebu_ has joined #nixos-on-your-router

20:26 higebu has quit [*.net *.split]

20:26 dtz has quit [*.net *.split]

20:26 higebu_ is now known as higebu

20:36 dtz has joined #nixos-on-your-router