lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Wed, 2 Mar 2011 10:05:38 +0200
From:	Alexey Dobriyan <adobriyan@...il.com>
To:	Andrew Morton <akpm@...ux-foundation.org>
Cc:	linux-kernel@...r.kernel.org, geert@...ux-m68k.org,
	jj@...osbits.net, arnd@...db.de
Subject: Re: [PATCH] kstrto*: converting strings to integers done
 (hopefully) right

On Tue, Mar 01, 2011 at 03:24:55PM -0800, Andrew Morton wrote:
> On Sat, 26 Feb 2011 14:47:08 +0200
> Alexey Dobriyan <adobriyan@...il.com> wrote:

> > Use kstrto*() in code today!
> 
> If you can stomach perl, please prepare a checkpatch patch which alerts
> people to the new regime.

Ehh, checkpatch was updated.
	scripts/checkpatch.pl        |    4

> >  Let's merge this into mainline, so I can send individual patches
> >  to subsystem maintainers. Whole tree is already converted locally.
> 
> Talk to us about the tighter checking.  There's a risk here that
> current userspace which "works" will cease to work if we add additional
> input checking. Even if that userspace was broken and
> just-happened-to-work, adding additional checks might cause disruption?

What strict_ family of functions errorneously does is to not check for
integer overflow in the result, so it'll happily eat a very long string
full of _valid_ digits: "0xffffffffffffffffffffffffffffffffffffffffffff"
will be converted to unsigned long even if it doesn't fit.
But people don't use such long strings, so the risk is low.

Also, kstrto*() allow to use leading '+' for positive values,
which is not restriction.

The rest should be the same.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ