| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 3 Feb 2016 03:35:42 -0800 From: tip-bot for Dave Hansen <tipbot@...or.com> To: linux-tip-commits@...r.kernel.org Cc: hpa@...or.com, dvlasenk@...hat.com, peterz@...radead.org, bp@...e.de, brgerst@...il.com, dave.hansen@...ux.intel.com, bp@...en8.de, tglx@...utronix.de, mingo@...nel.org, torvalds@...ux-foundation.org, luto@...capital.net, linux-kernel@...r.kernel.org Subject: [tip:x86/boot] x86/boot: Simplify early command line parsing Commit-ID: 4de07ea481361b08fe13735004dafae862482d38 Gitweb: http://git.kernel.org/tip/4de07ea481361b08fe13735004dafae862482d38 Author: Dave Hansen <dave.hansen@...ux.intel.com> AuthorDate: Tue, 22 Dec 2015 14:52:41 -0800 Committer: Ingo Molnar <mingo@...nel.org> CommitDate: Wed, 3 Feb 2016 12:03:17 +0100 x86/boot: Simplify early command line parsing __cmdline_find_option_bool() tries to account for both NULL-terminated and non-NULL-terminated strings. It keeps 'pos' to look for the end of the buffer and also looks for '!c' in a bunch of places to look for NULL termination. But, it also calls strlen(). You can't call strlen on a non-NULL-terminated string. If !strlen(cmdline), then cmdline[0]=='\0'. In that case, we will go in to the while() loop, set c='\0', hit st_wordstart, notice !c, and will immediately return 0. So, remove the strlen(). It is unnecessary and unsafe. Signed-off-by: Dave Hansen <dave.hansen@...ux.intel.com> Signed-off-by: Borislav Petkov <bp@...e.de> Cc: Andy Lutomirski <luto@...capital.net> Cc: Borislav Petkov <bp@...en8.de> Cc: Brian Gerst <brgerst@...il.com> Cc: Denys Vlasenko <dvlasenk@...hat.com> Cc: H. Peter Anvin <hpa@...or.com> Cc: Linus Torvalds <torvalds@...ux-foundation.org> Cc: Peter Zijlstra <peterz@...radead.org> Cc: Thomas Gleixner <tglx@...utronix.de> Cc: fenghua.yu@...el.com Cc: yu-cheng.yu@...el.com Link: http://lkml.kernel.org/r/20151222225241.15365E43@viggo.jf.intel.com Signed-off-by: Ingo Molnar <mingo@...nel.org> --- arch/x86/lib/cmdline.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/arch/x86/lib/cmdline.c b/arch/x86/lib/cmdline.c index ff8d1be..945a639 100644 --- a/arch/x86/lib/cmdline.c +++ b/arch/x86/lib/cmdline.c @@ -39,9 +39,6 @@ int cmdline_find_option_bool(const char *cmdline, const char *option) if (!cmdline) return -1; /* No command line */ - if (!strlen(cmdline)) - return 0; - /* * This 'pos' check ensures we do not overrun * a non-NULL-terminated 'cmdline'
Powered by blists - more mailing lists