lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 1 Jul 2015 08:17:06 +0200
From:	Frans Klaver <fransklaver@...il.com>
To:	Pan Xinhui <xinhuix.pan@...el.com>
Cc:	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	Yury Norov <yury.norov@...il.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Rasmus Villemoes <linux@...musvillemoes.dk>, tj@...nel.org,
	Peter Zijlstra <peterz@...radead.org>, sudeep.holla@....com,
	mina86@...a86.com, "mnipxh@....com" <mnipxh@....com>,
	Alexey Klimov <klimov.linux@...il.com>,
	"yanmin_zhang@...ux.intel.com" <yanmin_zhang@...ux.intel.com>
Subject: Re: [PATCH V2] lib/bitmap.c: fix some parsing issues and code style

On Wed, Jul 1, 2015 at 6:15 AM, Pan Xinhui <xinhuix.pan@...el.com> wrote:
>
> In __bitmap_parselist we can accept whitespaces on head or tail
> during every parsing procedure.
> If input has valid ranges, there is no reason to reject the user.
>
> fixes are:
> 1) if input ends with ',', bit 0 might be set unexpectedly.
> now we check if any digit is available after every loop.
> 2) if input has '0-', bit 0 might be set unexpectedly,
> now we return -EINVAL as this kind of input is definitely wrong.
> 3) minor code style fix in __bitmap_parse.
> and avoid in-loop incrementation of ndigits.

Why not three patches, so it becomes easier to see which is which?


> commit 2528a8b also add some check, but it's still not enough.
> it only correct the result in fix 1 above.

I believe the convention is to have at least 12 characters of the
sha1, with the title behind it: 2528a8b8f457 (__bitmap_parselist: fix
bug in empty string handling). Using only seven characters still risks
collisions.

Thanks,
Frans
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ