| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 17 Dec 2008 16:15:42 +0100 From: Peter Zijlstra <peterz@...radead.org> To: Andi Kleen <andi@...stfloor.org> Cc: George Spelvin <linux@...izon.com>, linux-kernel@...r.kernel.org, tj@...nel.org, Steven Rostedt <srostedt@...hat.com> Subject: Re: [RFC] globmatch() helper function On Wed, 2008-12-17 at 14:28 +0100, Andi Kleen wrote: > "George Spelvin" <linux@...izon.com> writes: > > Wow, finally a name. > > > break; > > case '*': > > if (pat[1] == '\0') /* Optimize trailing * case */ > > return true; > > /* Recurse on each possible tail of str */ > > while (!globmatch(pat+1, str)) > > if (!*str++) > > return false; > > I'm uneasy with the unbounded recursion. Sure currently all the users > are controlled in kernel source code and expect to put in sane patterns. > But if someone ever adds a user controlled glob in some way it will be > trivial to crash/overwrite memory with the limited kernel stack. > And with such a generalized function it's likely to be used more > in the future. ftrace has a globbing thing in there somewhere as well and that does indeed take user input. Using recursion in kernel code is indeed not recommended, what Andi said we have tiny stacks. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists