| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAHp75VeJdqsXJ_ASTABijcj=-6BWkbAy8PofFyFTZ_1rtGVjQg@mail.gmail.com>
Date: Tue, 30 May 2017 21:52:43 +0300
From: Andy Shevchenko <andy.shevchenko@...il.com>
To: Bartosz Golaszewski <brgl@...ev.pl>
Cc: Linus Walleij <linus.walleij@...aro.org>,
Alexandre Courbot <gnurou@...il.com>,
Bamvor Jian Zhang <bamvor.zhangjian@...aro.org>,
"linux-gpio@...r.kernel.org" <linux-gpio@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v2 1/7] gpio: mockup: improve the debugfs input sanitization
On Tue, May 30, 2017 at 11:58 AM, Bartosz Golaszewski <brgl@...ev.pl> wrote:
> We're currently only checking the first character of the input to the
> debugfs event files, so a string like '0sdfdsf' is valid and indicates
> a falling edge event.
>
> Be more strict and only allow '0', '1', '0\n' & '1\n'.
>
> While we're at it: move the sanitization code before the irq_enabled
> check so that we indicate an error on invalid input even if nobody is
> waiting for events.
> - int val;
> - char buf;
> + int rv, val;
> + rv = kstrtoint_from_user(usr_buf, size, 0, &val);
> + if (rv)
> + return rv;
> + if (val != 0 && val != 1)
Wouldn't be easier to have
u8 rv;
ret = kstrtu8_from_user();
if (ret >= 2)
return ...;
?
> + return -EINVAL;
--
With Best Regards,
Andy Shevchenko
Powered by blists - more mailing lists