| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 14 Jan 2014 00:32:13 +0000 From: "Allan, Bruce W" <bruce.w.allan@...el.com> To: Linus Torvalds <torvalds@...ux-foundation.org>, Al Viro <viro@...iv.linux.org.uk> CC: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, Jan Beulich <JBeulich@...e.com>, Alexey Dobriyan <adobriyan@...il.com> Subject: RE: bug in sscanf()? > -----Original Message----- > From: linus971@...il.com [mailto:linus971@...il.com] On Behalf Of Linus > Torvalds > Sent: Monday, January 13, 2014 4:23 PM > To: Al Viro > Cc: Allan, Bruce W; linux-kernel@...r.kernel.org; Jan Beulich; Alexey > Dobriyan > Subject: Re: bug in sscanf()? > > On Tue, Jan 14, 2014 at 6:30 AM, Al Viro <viro@...iv.linux.org.uk> wrote: > > > > Comments? > > Do we have actual users of this? Because I'd almost be inclined to say > "we just don't support field widths on sscanf() and will warn" unless > there are users. > > We've done that before. The kernel has various limited functions. See > the whole snprint() issue with %n, which we decided that supporting > the full semantics was actually a big mistake and we actively > *removed* code that had been misguidedly added just because people > thought we should do everything a standard user library does.. > > Limiting our problem space is a *good* thing, not a bad thing. > > If it's possible, of course, and we don't have nasty users. > > Linus I was hoping to use sscanf() in this way for a driver I'm working on to support Thunderbolt device authentication, but if it's too much to ask for I could probably work around this. Bruce.
Powered by blists - more mailing lists