| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 20 Jan 2017 12:27:42 +0000
From: David Laight <David.Laight@...LAB.COM>
To: 'Jiri Benc' <jbenc@...hat.com>, Paul Blakey <paulb@...lanox.com>
CC: Stephen Hemminger <stephen@...workplumber.org>,
"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
Jiri Pirko <jiri@...lanox.com>,
Or Gerlitz <ogerlitz@...lanox.com>,
Roi Dayan <roid@...lanox.com>,
Simon Horman <simon.horman@...ronome.com>
Subject: RE: [PATCH net-next V4] tc: flower: Refactor matching flags to be
more user friendly
From: Of Jiri Benc
> Sent: 19 January 2017 14:22
> On Thu, 19 Jan 2017 16:17:48 +0200, Paul Blakey wrote:
> > + while (token) {
> > + if (!strncmp(token, "no", 2)) {
> > + no = true;
> > + token = strchr(token, '_') + 1;
>
> This seems to still assume that "no" is followed by an underscore.
> What about a simple token += 2?
Actually it was rather worse than that and probably shows a
distinct lack of testing.
Consider what happened with "no", "nofubar" and "nofubar_baz",
all ought to be rejected.
Actually using strncmp() is also overkill.
Nothing wrong with:
if (token[0] == 'n' && token[1] == 'o' && token[2]) {
no = true;
token += 2;
if (token[0] == '_' && token[1])
token++;
...
or replace the last 3 lines with:
token += 2 + (token[2] == '_' & token[3]);
David
Powered by blists - more mailing lists