| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 29 Nov 2010 15:41:49 +0300
From: Pavel Vasilyev <pavel@...linux.ru>
To: YOSHIFUJI Hideaki <yoshfuji@...ux-ipv6.org>
CC: Dmitry Torokhov <dmitry.torokhov@...il.com>,
Ming Lei <tom.leiming@...il.com>,
LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] Repalce strncmp by memcmp
On 29.11.2010 08:26, YOSHIFUJI Hideaki wrote:
> 2010-11-28 (Sun) 20:13 -0800, Dmitry Torokhov wrote:
>> On Mon, Nov 29, 2010 at 06:11:21AM +0300, Pavel Vasilyev wrote:
>>> On 29.11.2010 05:29, Ming Lei wrote:
>>>> 2010/11/29 Pavel Vasilyev <pavel@...linux.ru>:
>>>>> This patch replace all strncmp(a, b, c) by memcmp(a, b, c).
>>>>> I test on x86_64 (AMD Opteron 285).
>>>> In fact, memcmp doesn't handle case of tail of string, so
>>>> it is not safe to replace strncmp with memcmp
>>> #include <stdio.h>
>>> #include <errno.h>
>>> int main() {
>>> char *STR = "XXXX\0";
>>> char *XXX = "XXXX";
>> Try comparing:
>> "XXXX\0YYYY" and
>> "XXXX\0ZZZZ"
>>
>> and observe the difference.
> Yes, if both of the strings are NOT known to have enough length.
>
> It is safe to replace strncmp(a,b,n) with memcmp(a,b,n)
> if a or b is/are known to have enough length; strlen(a) >= n ||
> strlen(b) >= n.
>
> I think some of the replacements in the original patch are valid,
> but for even those valid replacement, I think it is worth doing
> that in hot code paths only.
In my fact, the system has been running for two days, with this
configuration (in attach)
--
Pavel.
View attachment "config-2.6.37-rc3+" of type "text/plain" (58458 bytes)
Powered by blists - more mailing lists