lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 08 Jul 2009 08:46:18 +0200
From:	Matthias Pfaller <leo@...co.de>
To:	Jiri Slaby <jirislaby@...il.com>
CC:	akpm@...ux-foundation.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/1] DMI: fix dmi_get_year year parsing

Jiri Slaby wrote:
> Don't guess a year number base. Use 10 instead, since year may
> be 2-digit starting with 0, so that we would end up in base equal
> to 8.
> 
> Signed-off-by: Jiri Slaby <jirislaby@...il.com>
> Reported-by: Matthias Pfaller <leo@...co.de>
> ---
>  drivers/firmware/dmi_scan.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/drivers/firmware/dmi_scan.c b/drivers/firmware/dmi_scan.c
> index 6071078..8fe0f6e 100644
> --- a/drivers/firmware/dmi_scan.c
> +++ b/drivers/firmware/dmi_scan.c
> @@ -611,7 +611,7 @@ int dmi_get_year(int field)
>  		return 0;
>  
>  	s += 1;
> -	year = simple_strtoul(s, NULL, 0);
> +	year = simple_strtoul(s, NULL, 10);
>  	if (year && year < 100) {	/* 2-digit year */
>  		year += 1900;
>  		if (year < 1996)	/* no dates < spec 1.0 */

I just noticed, that this is not enough, because this will still fail 
for xxx/xx/00. I suggest the following patch:

--- drivers/firmware/dmi_scan.c.bak     Wed Jul  8 02:42:04 2009
+++ drivers/firmware/dmi_scan.c Wed Jul  8 02:42:17 2009
@@ -360,12 +360,15 @@
                 return 0;

         s += 1;
-       year = simple_strtoul(s, NULL, 0);
-       if (year && year < 100) {       /* 2-digit year */
-               year += 1900;
-               if (year < 1996)        /* no dates < spec 1.0 */
-                       year += 100;
+       if (s[0] == '0' && s[1] == '0' && s[2] == '\0') {
+               year = 2000;
+       } else {
+               year = simple_strtoul(s, NULL, 10);
+               if (year && year < 100) {       /* 2-digit year */
+                       year += 1900;
+                       if (year < 1996)        /* no dates < spec 1.0 */
+                               year += 100;
+               }
         }
-
         return year;
  }

-- 
Matthias Pfaller                          Software Entwicklung
marco Systemanalyse und Entwicklung GmbH  Tel   +49 8131 5161 41
Hans-Böckler-Str. 2, D 85221 Dachau       Fax   +49 8131 5161 66
http://www.marco.de/                      Email leo@...co.de
Geschäftsführer Martin Reuter             HRB 171775 Amtsgericht München
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ