| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20081121155421.152cc555.akpm@linux-foundation.org> Date: Fri, 21 Nov 2008 15:54:21 -0800 From: Andrew Morton <akpm@...ux-foundation.org> To: Pavel Machek <pavel@...e.cz> Cc: rpurdie@...ys.net, linux-kernel@...r.kernel.org Subject: Re: backlight: catch invalid input On Fri, 21 Nov 2008 12:14:14 +0100 Pavel Machek <pavel@...e.cz> wrote: > > Currently, echo > brightness turns brightness to zero due to > insufficient checking. Add a test to catch that. > OK. And what happens if you do echo wibble > brightness ? > > diff --git a/drivers/video/backlight/backlight.c b/drivers/video/backlight/backlight.c > index fab0bc8..5c2e23d 100644 > --- a/drivers/video/backlight/backlight.c > +++ b/drivers/video/backlight/backlight.c > @@ -86,6 +86,8 @@ static ssize_t backlight_store_power(str > int power = simple_strtoul(buf, &endp, 0); > size_t size = endp - buf; > > + if (!size) > + return -EINVAL; > if (*endp && isspace(*endp)) > size++; > if (size != count) A better fix would be to use strict_strtoul() and check its return value. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists