| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAMRc=MeEFLyLzEeAy552mk+-CSSR6e_cu0kmpQEqEOF2_7zkSA@mail.gmail.com>
Date: Wed, 31 May 2017 12:52:13 +0200
From: Bartosz Golaszewski <brgl@...ev.pl>
To: Andy Shevchenko <andy.shevchenko@...il.com>
Cc: Linus Walleij <linus.walleij@...aro.org>,
Alexandre Courbot <gnurou@...il.com>,
Bamvor Jian Zhang <bamvor.zhangjian@...aro.org>,
"linux-gpio@...r.kernel.org" <linux-gpio@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v2 1/7] gpio: mockup: improve the debugfs input sanitization
2017-05-30 20:52 GMT+02:00 Andy Shevchenko <andy.shevchenko@...il.com>:
> On Tue, May 30, 2017 at 11:58 AM, Bartosz Golaszewski <brgl@...ev.pl> wrote:
>> We're currently only checking the first character of the input to the
>> debugfs event files, so a string like '0sdfdsf' is valid and indicates
>> a falling edge event.
>>
>> Be more strict and only allow '0', '1', '0\n' & '1\n'.
>>
>> While we're at it: move the sanitization code before the irq_enabled
>> check so that we indicate an error on invalid input even if nobody is
>> waiting for events.
>
>> - int val;
>> - char buf;
>> + int rv, val;
>
>> + rv = kstrtoint_from_user(usr_buf, size, 0, &val);
>> + if (rv)
>> + return rv;
>
>> + if (val != 0 && val != 1)
>
> Wouldn't be easier to have
>
> u8 rv;
>
> ret = kstrtu8_from_user();
> if (ret >= 2)
> return ...;
>
> ?
kstrtu8_from_user() doesn't return the converted value, so you won't
skip an if anyway and by using the int variant, we're avoiding a cast.
I'd prefer it this way frankly.
Thanks,
Bartosz
Powered by blists - more mailing lists