lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20081217160417.18507.qmail@science.horizon.com>
Date:	Wed, 17 Dec 2008 11:04:17 -0500
From:	"George Spelvin" <linux@...izon.com>
To:	peterz@...radead.org, andi@...stfloor.org
Cc:	tj@...nel.org, srostedt@...hat.com, linux@...izon.com,
	linux-kernel@...r.kernel.org
Subject: Re: [RFC] globmatch() helper function

Peter Zijlstra <peterz@...radead.org> wrote:
> ftrace has a globbing thing in there somewhere as well and that does
> indeed take user input.

Yes, but (I just looked at the code), its patterns take the form:
- Optional leading *
- Literal text
- Optional trailing *

Thus, only one case (*literal*) requires any backtracking, and it's
just strstr().

> Using recursion in kernel code is indeed not recommended, what Andi said
> we have tiny stacks.

The stack frame is tiny, and it only recurses on a *, so if the number
of *s in the pattern is bounded, the stack usage is bounded.

For the intended application (compile-time constant device blacklists),
this is not a problem at all.  Indeed, nothing but a trailing * is even
needed; I only implemented the feature to be compatible with fnmatch().
(Which is part of the reason I'm reluctant to do anything heroic to
make it work.)

The problem is, what if some future thoughtless person feeds user data
into the pattern argument?

I could just take support for non-trailing * out entirely.  That would be
a different sort of documentation burden.

Or I could just add an explicit 2-level stack. If you overflow the stack,
matching always fails.  Unfortunately, the code will be larger.

Do people think that would be, on balance, better?  It would be plenty
good enough for the blacklist application.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ