lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 17 Dec 2008 11:54:32 -0500
From:	Steven Rostedt <srostedt@...hat.com>
To:	Andi Kleen <andi@...stfloor.org>
Cc:	Tejun Heo <tj@...nel.org>, George Spelvin <linux@...izon.com>,
	peterz@...radead.org, linux-kernel@...r.kernel.org
Subject: Re: [RFC] globmatch() helper function


On Wed, 2008-12-17 at 17:51 +0100, Andi Kleen wrote:
> > OK, lets compromise with WARN_ON_ONCE() ;-)
> 
> I don't think WARN_ON is the right way to handle bad user input.
> It implies that when someone typos the result might end up in Arjan's 
> kerneloops.org database, which is not good.


Since I recommended an internal helper function, we could have:

int globmatch(const char *pat, const char *str)
{
	int ret;

	ret = globmatch_internal(pat, str, 0);
	if (ret < 0)
		WARN_ON();
	return ret;
}

int globmatch_user(const char *pat, const char *str)
{
	return globmatch_internal(pat, str, 0);
}


This would warn on if a kernel user caused the overflow, and also gives
a function that user space input could use, that would not warn on
overflow.

-- Steve


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ