| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 29 May 2017 08:57:22 +0200
From: Bartosz Golaszewski <brgl@...ev.pl>
To: Andy Shevchenko <andy.shevchenko@...il.com>
Cc: Linus Walleij <linus.walleij@...aro.org>,
Alexandre Courbot <gnurou@...il.com>,
Bamvor Jian Zhang <bamvor.zhangjian@...aro.org>,
"linux-gpio@...r.kernel.org" <linux-gpio@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH 05/10] gpio: mockup: improve the debugfs input sanitization
2017-05-27 18:47 GMT+02:00 Andy Shevchenko <andy.shevchenko@...il.com>:
> On Sat, May 27, 2017 at 7:45 PM, Andy Shevchenko
> <andy.shevchenko@...il.com> wrote:
>> On Thu, May 25, 2017 at 11:33 AM, Bartosz Golaszewski <brgl@...ev.pl> wrote:
>>> We're currently only checking the first character of the input to the
>>> debugfs event files, so a string like '0sdfdsf' is valid and indicates
>>> a falling edge event.
>>>
>>> Be more strict and only allow '0', '1', '0\n' & '1\n'.
>>
>> Why not to be so strict and use
>>
>> kstrtobool_from_user();
>>
>> instead?
>
Because it doesn't really make sense here - we're indicating a RISING
or FALLING edge event. This doesn't really correspond well with
boolean values IMO.
> Or if you still wish to be strict,
> ret = kstrtou8_from_user();
> if (ret)
> return ret;
>
> if (val > 1)
> return -ERANGE;
>
> or alike.
This one looks good, I'll include it in v2.
Thanks,
Bartosz
Powered by blists - more mailing lists