lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 13 Aug 2007 15:29:07 +0400
From:	Alexey Dobriyan <adobriyan@...ru>
To:	akpm@...l.org, satyam@...radead.org
Cc:	linux-kernel@...r.kernel.org
Subject: 2.6.23-rc2-mm2: strtol_check_range patches

Andrew please drop
	introduce-strtol_check_range-fix.patch
	introduce-strtol_check_range.patch
from -mm.

strtol_check_range() semantics is broken, because caller can't distinguish
-E from valid negative number if he wants to negative integers. Comment
mentions this, but we don't want to such horrible and not well thought
out function to lib/ .

If anything it should be strtonum() with additional trailing '\n' check.

+ * Do not use this to convert numbers that are allowed to be negative.
+ */
+long strtol_check_range(const char *cp, long min, long max, unsigned int base)
+{
+       long ret;
+       char *p = (char *) cp;
+
+       WARN_ON(min < 0);
+       WARN_ON(max < min);
+
+       ret = simple_strtol(p, &p, base);
+
+       if (*p && (*p != '\n'))
+               return -EINVAL;
+       if ((ret < min) || (ret > max))
+               return -EINVAL;
+
+       return ret;
+}

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ