lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sun, 6 Feb 2022 10:34:11 -0800 From: Linus Torvalds <torvalds@...ux-foundation.org> To: Kees Cook <keescook@...omium.org> Cc: Alexander Popov <alex.popov@...ux.com>, Peter Zijlstra <peterz@...radead.org>, Thomas Gleixner <tglx@...utronix.de>, Josh Poimboeuf <jpoimboe@...hat.com>, Borislav Petkov <bp@...en8.de>, Masahiro Yamada <masahiroy@...nel.org>, linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org Subject: Re: [PATCH 2/3] gcc-plugins/stackleak: Exactly match strings instead of prefixes On Sun, Feb 6, 2022 at 9:45 AM Kees Cook <keescook@...omium.org> wrote: > > + return !strncmp(TREE_STRING_POINTER(node), string, length); Why is this "strncmp()"? That makes no sense when you've just checked the exact lengths of both sides. You're not comparing strings any more, you've already checked the end of the string - you are comparing memory contents. So make it just do a "memcmp()". > +#define STRING_EQUAL(node, str) string_equal(node, str, strlen(str)) .. and please change this name too, since it's not comparing two strings. The first argument is something else entirely. It's checking the node value of a section, give it some name related to that. I do also get the feeling that the nodes should actually be checked to be a STRING_CST rather than these blind TREE_VALUE() following things, but I don't really know the rules for gcc plugin internals very well - or at all, really. Linus
Powered by blists - more mailing lists