| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <e28ec4d435200be4d10dc76b17e6a4af0d71b77e.camel@perches.com>
Date: Wed, 22 Aug 2018 04:07:56 -0700
From: Joe Perches <joe@...ches.com>
To: Rasmus Villemoes <linux@...musvillemoes.dk>,
Andrew Morton <akpm@...ux-foundation.org>
Cc: linux-kernel@...r.kernel.org, Kees Cook <keescook@...omium.org>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
linux-nfs@...r.kernel.org
Subject: Re: [PATCH 1/4] string: try to find const-laundering bugs
On Wed, 2018-08-22 at 13:00 +0200, Rasmus Villemoes wrote:
> This wraps strchr and friends in macros that ensure the return value has
> type const char* if the passed-in string (which the return value points
> into) also has type const char*. The (s)+0 thing is to force a const
> char[] (e.g. a string literal) to decay to a const char* for the
> __same_type comparison.
[]
> diff --git a/include/linux/string.h b/include/linux/string.h
[]
> +#define strchr(s, c) ( \
> + __builtin_choose_expr(__same_type((s) + 0, const char *), \
> + (const char *)strchr(s, c), \
> + strchr(s, c)))
> +#endif
[]
> diff --git a/lib/string.c b/lib/string.c
[]
> @@ -367,7 +367,7 @@ EXPORT_SYMBOL(strncmp);
> * @s: The string to be searched
> * @c: The character to search for
> */
> -char *strchr(const char *s, int c)
> +char *(strchr)(const char *s, int c)
I've tried to use this macro/function wrapping
a few times before, but it seems that it's fairly
unusual in the kernel. I believe there may not
be any current uses of that style.
A comment explaining the form might be useful.
Powered by blists - more mailing lists