lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <48AF1CE8.8020203@opengridcomputing.com>
Date:	Fri, 22 Aug 2008 15:09:12 -0500
From:	Steve Wise <swise@...ngridcomputing.com>
To:	Andrew Morton <akpm@...ux-foundation.org>
CC:	kxie@...lsio.com, netdev@...r.kernel.org,
	open-iscsi@...glegroups.com, linux-scsi@...r.kernel.org,
	linux-kernel@...r.kernel.org, jgarzik@...ox.com,
	davem@...emloft.net, michaelc@...wisc.edu, rdreier@...co.com,
	daisyc@...ibm.com, wenxiong@...ibm.com, bhua@...ibm.com,
	divy@...lsio.com, dm@...lsio.com, leedom@...lsio.com
Subject: Re: [PATCH 1/4 2.6.28] cxgb3 - manage a private ip address for iSCSI

Andrew Morton wrote:
> On Fri, 22 Aug 2008 14:17:18 -0500
> Steve Wise <swise@...ngridcomputing.com> wrote:
>
>   
>> Andrew Morton wrote:
>>     
>>>> +	unsigned long octet;
>>>> +	const char *parse = buf;
>>>> +	char *endp;
>>>> +	int i;
>>>> +
>>>> +	for (i = 1; i <= 4; i++) {
>>>> +		octet = simple_strtoul(parse, &endp, 10);
>>>> +		if (endp == buf || octet > 255 ||
>>>> +		    (i < 4 && *endp != '.') ||
>>>> +		    (i == 4 && *endp != '\0' && *endp != '\n'))
>>>> +			return -EINVAL;
>>>> +		a = (a << 8) | octet;
>>>> +		parse = endp+1;
>>>> +	}
>>>> +	pi->iscsi_ipaddr = htonl(a);
>>>> +	return endp-buf;
>>>> +}
>>>>     
>>>>         
>>> This appears to be taking a dotted quad ipv4 address in ascii form,
>>> turning it into a u32 while performing checking?
>>>
>>> Surely we have a library function somewhere in networking which does
>>> this?  If not, I'd suggest writing one. 
>>>
>>>   
>>>       
>> try in_aton() from include/linux/inet.h.
>>
>>     
>
> yeah.  But that function is a crock.  No error checking at all!
>   

Oh you want error checking?

:)

Yea if this is a user/sysadmin supplied value, then we need a rubust 
inet_aton() in the kernel to validate it...


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ