lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1291008362.5818.28.camel@takos>
Date:	Mon, 29 Nov 2010 14:26:02 +0900
From:	YOSHIFUJI Hideaki <yoshfuji@...ux-ipv6.org>
To:	Dmitry Torokhov <dmitry.torokhov@...il.com>
Cc:	Pavel Vasilyev <pavel@...linux.ru>,
	Ming Lei <tom.leiming@...il.com>,
	LKML <linux-kernel@...r.kernel.org>, yoshfuji@...ux-ipv6.org
Subject: Re: [PATCH] Repalce strncmp by memcmp

2010-11-28 (Sun) 20:13 -0800, Dmitry Torokhov wrote:
> On Mon, Nov 29, 2010 at 06:11:21AM +0300, Pavel Vasilyev wrote:
> > On 29.11.2010 05:29, Ming Lei wrote:
> > > Hi,
> > >
> > > 2010/11/29 Pavel Vasilyev <pavel@...linux.ru>:
> > >>    This patch replace all strncmp(a, b, c) by  memcmp(a, b, c).
> > >>
> > >> I test on x86_64 (AMD Opteron 285).
> > > In fact, memcmp doesn't handle case of tail of string, so
> > > it is not safe to replace strncmp with memcmp
> > >
> > #include <stdio.h>
> > #include <errno.h>
> > 
> > int main() {
> > 
> >    char *STR = "XXXX\0";
> >    char *XXX = "XXXX";
> 
> Try comparing:
> 
> "XXXX\0YYYY" and
> "XXXX\0ZZZZ"
> 
> and observe the difference.
> 

Yes, if both of the strings are NOT known to have enough length.

It is safe to replace strncmp(a,b,n) with memcmp(a,b,n)
if a or b is/are known to have enough length; strlen(a) >= n ||
strlen(b) >= n.

I think some of the replacements in the original patch are valid,
but for even those valid replacement, I think it is worth doing
that in hot code paths only.

--yoshfuji

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ