lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat, 27 May 2017 19:45:41 +0300 From: Andy Shevchenko <andy.shevchenko@...il.com> To: Bartosz Golaszewski <brgl@...ev.pl> Cc: Linus Walleij <linus.walleij@...aro.org>, Alexandre Courbot <gnurou@...il.com>, Bamvor Jian Zhang <bamvor.zhangjian@...aro.org>, "linux-gpio@...r.kernel.org" <linux-gpio@...r.kernel.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org> Subject: Re: [PATCH 05/10] gpio: mockup: improve the debugfs input sanitization On Thu, May 25, 2017 at 11:33 AM, Bartosz Golaszewski <brgl@...ev.pl> wrote: > We're currently only checking the first character of the input to the > debugfs event files, so a string like '0sdfdsf' is valid and indicates > a falling edge event. > > Be more strict and only allow '0', '1', '0\n' & '1\n'. Why not to be so strict and use kstrtobool_from_user(); instead? -- With Best Regards, Andy Shevchenko
Powered by blists - more mailing lists