lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <55936976.7090001@intel.com>
Date:	Wed, 01 Jul 2015 12:15:50 +0800
From:	Pan Xinhui <xinhuix.pan@...el.com>
To:	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
CC:	Yury Norov <yury.norov@...il.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Rasmus Villemoes <linux@...musvillemoes.dk>, tj@...nel.org,
	peterz@...radead.org, sudeep.holla@....com, mina86@...a86.com,
	"mnipxh@....com" <mnipxh@....com>,
	Alexey Klimov <klimov.linux@...il.com>,
	"yanmin_zhang@...ux.intel.com" <yanmin_zhang@...ux.intel.com>
Subject: [PATCH V2] lib/bitmap.c: fix some parsing issues and code style


In __bitmap_parselist we can accept whitespaces on head or tail
during every parsing procedure.
If input has valid ranges, there is no reason to reject the user.

fixes are:
1) if input ends with ',', bit 0 might be set unexpectedly.
now we check if any digit is available after every loop.
2) if input has '0-', bit 0 might be set unexpectedly,
now we return -EINVAL as this kind of input is definitely wrong.
3) minor code style fix in __bitmap_parse.
and avoid in-loop incrementation of ndigits.

commit 2528a8b also add some check, but it's still not enough.
it only correct the result in fix 1 above.

Signed-off-by: Pan Xinhui <xinhuix.pan@...el.com>
---
  lib/bitmap.c | 43 ++++++++++++++++++++++++++-----------------
  1 file changed, 26 insertions(+), 17 deletions(-)
---
change log
V2 from v1: solve the codes conflicts
---

diff --git a/lib/bitmap.c b/lib/bitmap.c
index a578a01..b0e3afc 100644
--- a/lib/bitmap.c
+++ b/lib/bitmap.c
@@ -367,7 +367,8 @@ int __bitmap_parse(const char *buf, unsigned int buflen,
  
  	nchunks = nbits = totaldigits = c = 0;
  	do {
-		chunk = ndigits = 0;
+		chunk = 0;
+		ndigits = totaldigits;
  
  		/* Get the next chunk of the bitmap */
  		while (buflen) {
@@ -406,9 +407,9 @@ int __bitmap_parse(const char *buf, unsigned int buflen,
  				return -EOVERFLOW;
  
  			chunk = (chunk << 4) | hex_to_bin(c);
-			ndigits++; totaldigits++;
+			totaldigits++;
  		}
-		if (ndigits == 0)
+		if (unlikely(ndigits == totaldigits))
  			return -EINVAL;
  		if (nchunks == 0 && chunk == 0)
  			continue;
@@ -505,7 +506,7 @@ static int __bitmap_parselist(const char *buf, unsigned int buflen,
  		int nmaskbits)
  {
  	unsigned a, b;
-	int c, old_c, totaldigits;
+	int c, old_c, totaldigits, ndigits;
  	const char __user __force *ubuf = (const char __user __force *)buf;
  	int at_start, in_range;
  
@@ -515,6 +516,7 @@ static int __bitmap_parselist(const char *buf, unsigned int buflen,
  		at_start = 1;
  		in_range = 0;
  		a = b = 0;
+		ndigits = totaldigits;
  
  		/* Get the next cpu# or a range of cpu#'s */
  		while (buflen) {
@@ -528,23 +530,27 @@ static int __bitmap_parselist(const char *buf, unsigned int buflen,
  			if (isspace(c))
  				continue;
  
-			/*
-			 * If the last character was a space and the current
-			 * character isn't '\0', we've got embedded whitespace.
-			 * This is a no-no, so throw an error.
-			 */
-			if (totaldigits && c && isspace(old_c))
-				return -EINVAL;
-
  			/* A '\0' or a ',' signal the end of a cpu# or range */
  			if (c == '\0' || c == ',')
  				break;
+			/*
+			* whitespaces between digits are not allowed,
+			* but it's ok if whitespaces are on head or tail.
+			* when old_c is whilespace,
+			* if totaldigits == ndigits, whitespace is on head.
+			* if whitespace is on tail, it should not run here.
+			* as c was ',' or '\0',
+			* the last code line has broken the current loop.
+			*/
+			if ((totaldigits != ndigits) && isspace(old_c))
+				return -EINVAL;
  
  			if (c == '-') {
  				if (at_start || in_range)
  					return -EINVAL;
  				b = 0;
  				in_range = 1;
+				at_start = 1;
  				continue;
  			}
  
@@ -557,15 +563,18 @@ static int __bitmap_parselist(const char *buf, unsigned int buflen,
  			at_start = 0;
  			totaldigits++;
  		}
+		if (unlikely(ndigits == totaldigits))
+			continue;
+		/* if no digit is after '-', it's wrong*/
+		if (unlikely(at_start && in_range))
+			return -EINVAL;
  		if (!(a <= b))
  			return -EINVAL;
  		if (b >= nmaskbits)
  			return -ERANGE;
-		if (!at_start) {
-			while (a <= b) {
-				set_bit(a, maskp);
-				a++;
-			}
+		while (a <= b) {
+			set_bit(a, maskp);
+			a++;
  		}
  	} while (buflen && c == ',');
  	return 0;
-- 
1.9.1
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ