lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 1 Nov 2016 07:22:29 +0000
From:   Lee Jones <lee.jones@...aro.org>
To:     Kieran Bingham <kieran@...uared.org.uk>
Cc:     Peter Rosin <peda@...ntia.se>, Wolfram Sang <wsa@...-dreams.de>,
        linux-i2c@...r.kernel.org, linux-kernel@...r.kernel.org,
        Javier Martinez Canillas <javier@....samsung.com>,
        sameo@...ux.intel.com
Subject: Re: [PATCHv6 08/11] i2c: match vendorless strings on the internal
 string length

On Mon, 31 Oct 2016, Kieran Bingham wrote:
> On 31/10/16 13:55, Peter Rosin wrote:
> > On 2016-10-26 10:53, Lee Jones wrote:
> >> On Tue, 25 Oct 2016, Kieran Bingham wrote:
> >>
> >>> If a user provides a shortened string to match a device to the sysfs i2c
> >>> interface it will match on the first string that contains that string
> >>> prefix.
> >>>
> >>> for example:
> >>>   echo a 0x68 > /sys/bus/i2c/devices/i2c-2/new_device
> >>>
> >>> will match as3711, as3722, and ak8975 incorrectly.
> >>>
> >>> Signed-off-by: Kieran Bingham <kieran@...gham.xyz>
> >>
> >> Acked-by: Lee Jones <lee.jones@...aro.org>
> >>   
> >>> ---
> >>>  drivers/i2c/i2c-core.c | 2 +-
> >>>  1 file changed, 1 insertion(+), 1 deletion(-)
> >>>
> >>> diff --git a/drivers/i2c/i2c-core.c b/drivers/i2c/i2c-core.c
> >>> index 01bce56f733a..50c9cfdb87b7 100644
> >>> --- a/drivers/i2c/i2c-core.c
> >>> +++ b/drivers/i2c/i2c-core.c
> >>> @@ -1708,7 +1708,7 @@ i2c_of_match_device_strip_vendor(const struct of_device_id *matches,
> >>>  		else
> >>>  			name++;
> >>>  
> >>> -		if (!strncasecmp(client->name, name, strlen(client->name)))
> >>> +		if (!strncasecmp(client->name, name, strlen(name)))
> >>>  			return matches;
> >>>  	}
> >>>  
> >>
> > 
> > Is that really so much better?
> 
> My original thought was that it verifies 'more' of the userspace input.
> but...
> 
> > With this patch
> > 	echo as3711CRAP 0x68 > /sys/...
> > will match as3711.
> >
> > What if there is some as37112 driver that is the real target?
> 
> You're right - It looks like the only way to do this correctly is to
> match the strncasecmp and the strlen of both strings.
> 
> So really we should be using sysfs_streq(). The only limitation there is
> that this original code was performing a case-insensitive compare.
> 
> Lee - Where did the requirement for case insensitive matching come from
> in your original code. Is it expected to be case-insensitive from the
> I2C sysfs interface? or are dt-nodes expected to be case-sensitive?

Compatible strings are always lower-case.

> Does anyone see reason that this shouldn't be using sysfs_streq()? or do
> we need a sysfs_strcaseeq()...

... but I don't see an issue with not being case sensitive.  Certainly
if it makes the logic easier/more consistent.

-- 
Lee Jones
Linaro STMicroelectronics Landing Team Lead
Linaro.org │ Open source software for ARM SoCs
Follow Linaro: Facebook | Twitter | Blog

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ