lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 24 Jun 2015 19:46:18 +0200
From:	Luis de Bethencourt <luis@...ethencourt.com>
To:	Sudip Mukherjee <sudipm.mukherjee@...il.com>
Cc:	Dan Carpenter <dan.carpenter@...cle.com>,
	devel@...verdev.osuosl.org, Kirk Reiser <kirk@...sers.ca>,
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	speakup@...ux-speakup.org,
	Melike Yurtoglu <aysemelikeyurtoglu@...il.com>,
	linux-kernel@...r.kernel.org,
	Domagoj Trsan <domagoj.trsan@...il.com>,
	Samuel Thibault <samuel.thibault@...-lyon.org>,
	Chris Brannon <chris@...-brannons.com>
Subject: Re: [PATCH] staging: speakup: replace simple_strtoul() with
 kstrtoint()

On Wed, Jun 24, 2015 at 12:19:27PM +0200, Luis de Bethencourt wrote:
> On Wed, Jun 24, 2015 at 10:53:30AM +0530, Sudip Mukherjee wrote:
> > On Wed, Jun 24, 2015 at 12:15:52AM +0100, Luis de Bethencourt wrote:
> > > On Wed, Jun 24, 2015 at 01:53:33AM +0300, Dan Carpenter wrote:
> > > > Nope.  Your patch is totally wrong (buggy).  Please be more careful in
> > > > the future.
> > > > 
> > > > regards,
> > > > dan carpenter
> > > > 
> > > 
> > > I saw other commits replace the obsolete simple_strtoul() this way and the
> > > documentation makes it look like it is a 1 to 1 replacement.
> > > 
> > > Sorry about this. I will investigate further to understand why this is buggy
> > > and be more careful in the future.
> > simple_strtoul returns unsigned long and kstrtoint gives int.
> > documentation says to use kstrtoul.
> > 
> > regards
> > sudip
> 
> Hello again Sudip :)
> 
> simple_strtoul returns an unsigned long, but in this case this is downcasted to
> int val. If we use kstrtoul there would be a type warning since the function
> expects the reference to an unsigned long. Which is why I used the related
> kstrtoint.
> 
> Dan has said this is buggy. I have an idea why this might be. I am isolating
> the code and playing with it before submitting a second version.
> 
> Thanks for the review.
> 
> Luis

Hi,

I've investigated the issue and found the two differences between
simple_stroull() and kstrtoull().

The prototypes for reference:
unsigned long long simple_strtoull(const char *cp, char **endp, unsigned int base);
int kstrtoul(const char *s, unsigned int base, unsigned long *res);

The first issue is that simple_strtoull() moves the endp pointer to right after
the character where the last digit used is. [0] kstrtoull() doesn't move any
pointers or tell us how many characters of the string it read.

Speakup uses this to convert a string including 3 numbers into 3 ascii codes.
For example "97 98 99", to get 'a', 'b', and 'c'. It loops 3 times using this
function moving the start (cp) to the endp of the previous iteration. [1]

The second issue is that kstrtoull() checks for the number to be alone in the
string. [2] Where rv equals the number of characters read.
	s += rv;
	if (*s == '\n')
		s++;
	if (*s) {
		return -EINVAL;
	}

So in our case before in speakup, after reading the first number s points to
the empty character between 97 and 98 and it returns -EINVAL.

IMHO there are 3 things I could do:
  - Split the initial string into 3, and use simple_strtoull()
  - Implement speakup's 3 number string into 3 chars differently.
  - Remain using simple_strtoull() and ignore the deprecated warnings.

What do you guys think?
I'm inclined towards the first if there is interest.

Thanks,
Luis


[0] https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/arch/x86/boot/string.c?id=b953c0d234bc72e8489d3bf51a276c5c4ec85345#n118
[1] https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/drivers/staging/speakup/kobjects.c?id=b953c0d234bc72e8489d3bf51a276c5c4ec85345#n284
[2] https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/lib/kstrtox.c?id=b953c0d234bc72e8489d3bf51a276c5c4ec85345#n91
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ