lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CAH6sp9MscuHYd17cNtFsvPznpq1wKsE1ujmHTDLyvaDKVeCy_A@mail.gmail.com>
Date:	Thu, 12 Feb 2015 12:10:42 +0100
From:	Frans Klaver <fransklaver@...il.com>
To:	Rasmus Villemoes <linux@...musvillemoes.dk>
Cc:	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	Andrew Morton <akpm@...ux-foundation.org>
Subject: Re: The kernel's ctype

On Wed, Feb 4, 2015 at 12:18 PM, Rasmus Villemoes
<linux@...musvillemoes.dk> wrote:
> Hi,
>
> The kernel's ctype is almost, but not quite, equivalent to latin1. Apart
> from whether one wants to include the C1 control chars (0x80-0x9f),
> there are a few other differences. For example, 0xb5 (MICRO SIGN) is, at
> least according to glibc, both alpha and lower, while the kernel
> classifies it as punct. A slightly surprising quirk of the kernel's
> ctype implementation is that toupper() is not idempotent: Both 0xdf
> (LATIN SMALL LETTER SHARP S) and 0xff (LATIN SMALL LETTER Y WITH
> DIAERESIS) are correctly classified as lower, but since neither
> character's uppercase version is representable in latin1, correct
> toupper() behaviour would be to return the character itself. Instead, we
> have toupper(0xff) == 0xdf and toupper(0xdf) == 0xbf
>
> Digging in pre-git history, I see that ctype.c was originally ASCII-only,
> which I think is the only sane choice. It was changed around 1996, but
> the commit log that I've found just says "Import 2.0.1", so it's hard to
> tell what the intention was.
>
> What would break if ctype.c was changed back to ASCII?

The implementation of toupper() and tolower() still seems to be
assuming that we're dealing with ascii only, so in that regard I don't
think that much would break, as it should be broken already.

Shouldn't coccinelle be able to detect ctype usage and use of
non-ascii or userland input values?

Frans
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ