Message-ID: <20150904085912.GB21084@n2100.arm.linux.org.uk>
Date:	Fri, 4 Sep 2015 09:59:13 +0100
From:	Russell King - ARM Linux <linux@....linux.org.uk>
To:	Kees Cook <keescook@...omium.org>
Cc:	Tomeu Vizoso <tomeu@...euvizoso.net>,
	Stephen Boyd <sboyd@...eaurora.org>,
	Michael Turquette <mturquette@...libre.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Nicolas Iooss <nicolas.iooss_linux@....org>,
	linux-clk@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] clk_register_clkdev: remove format string interface

On Thu, Sep 03, 2015 at 01:54:07PM -0700, Kees Cook wrote:
> Many callers either use NULL or const strings for the third argument of
> clk_register_clkdev. For those that do not and use a non-const string,
> this is a risk for format strings being accidentally processed (for
> example in device names). As this interface is already used as if it
> weren't a format string (prints nothing when NULL), and there are zero
> users of the format strings, remove the format string interface to make
> sure format strings will not leak into the clkdev.
> 
> $ git grep '\bclk_register_clkdev\b' | grep % | wc -l
> 0
> 
> Unfortunately, all the internals expect a va_list even though they treat
> a NULL format string as special. To deal with this, we must pass either
> (..., "%s", string) or (..., NULL, NULL) so that the va_list will be
> created correctly (passing the name as an argument, not a format string).

A clearer way to write that would be:

	if (dev_id)
		cl = clkdev_create(hw, con_id, "%s", dev_id);
	else
		cl = clkdev_create(hw, con_id, NULL);

then it's obvious what's going on.

-- 
FTTC broadband for 0.8mile line: currently at 9.6Mbps down 400kbps up
according to speedtest.net.
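
A userspace model of the point discussed in this thread, added here as an example and not code from the patch, the reply or the kernel: it shows a caller-supplied device name being altered when it is handed over as the format string, and preserved when it is passed as data behind a constant "%s". `model_set_dev_id` and both wrappers are hypothetical names, and the sample name is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define MAX_DEV_ID 20	/* assumed buffer size for this model */

/* Hypothetical model of a variadic "dev_fmt, ..." interface.
 * A NULL format means "no device id", as the thread describes. */
static void model_set_dev_id(char *out, size_t len, const char *dev_fmt, ...)
{
	va_list ap;

	out[0] = '\0';
	if (!dev_fmt)
		return;
	va_start(ap, dev_fmt);
	vsnprintf(out, len, dev_fmt, ap);
	va_end(ap);
}

/* Risky pattern: the caller-supplied name is itself the format string. */
static const char *register_name_as_format(char *out, size_t len, const char *dev_id)
{
	model_set_dev_id(out, len, dev_id);
	return out;
}

/* Pattern suggested in the reply: constant format, name passed as data. */
static const char *register_name_as_data(char *out, size_t len, const char *dev_id)
{
	if (dev_id)
		model_set_dev_id(out, len, "%s", dev_id);
	else
		model_set_dev_id(out, len, NULL);
	return out;
}

int main(void)
{
	/* Constructed name; "%%" takes no argument, so the risky call stays well-defined. */
	const char *name = "pwm%%0";
	char a[MAX_DEV_ID], b[MAX_DEV_ID], c[MAX_DEV_ID];

	printf("as format: %s\n", register_name_as_format(a, sizeof(a), name));
	printf("as data:   %s\n", register_name_as_data(b, sizeof(b), name));
	printf("NULL:      '%s'\n", register_name_as_data(c, sizeof(c), NULL));
	return 0;
}
```

Any directive other than "%%" in the name would make the first wrapper read variadic arguments that were never passed, which is undefined behaviour; the second wrapper never interprets the name at all.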