lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20181204163849.GE10650@smile.fi.intel.com>
Date:   Tue, 4 Dec 2018 18:38:49 +0200
From:   Andy Shevchenko <andriy.shevchenko@...ux.intel.com>
To:     Geert Uytterhoeven <geert@...ux-m68k.org>
Cc:     Petr Mladek <pmladek@...e.com>,
        Alessandro Zummo <a.zummo@...ertech.it>,
        Alexandre Belloni <alexandre.belloni@...tlin.com>,
        linux-rtc@...r.kernel.org, Arnd Bergmann <arnd@...db.de>,
        Joe Perches <joe@...ches.com>,
        Mark Salyzyn <salyzyn@...roid.com>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Rasmus Villemoes <rasmus.villemoes@...vas.dk>,
        Greg KH <gregkh@...uxfoundation.org>,
        Bartlomiej Zolnierkiewicz <b.zolnierkie@...sung.com>,
        Dmitry Torokhov <dmitry.torokhov@...il.com>,
        Guan Xuetao <gxt@...c.pku.edu.cn>,
        Ingo Molnar <mingo@...nel.org>,
        Jason Wessel <jason.wessel@...driver.com>,
        Jonathan Corbet <corbet@....net>,
        Jon Hunter <jonathanh@...dia.com>,
        Krzysztof Kozlowski <krzk@...nel.org>,
        "Rafael J. Wysocki" <rjw@...ysocki.net>,
        Thierry Reding <thierry.reding@...il.com>
Subject: Re: [PATCH v5 02/21] lib/vsprintf: Print time and date in human
 readable format via %pt

On Tue, Dec 04, 2018 at 05:16:58PM +0100, Geert Uytterhoeven wrote:
> On Tue, Dec 4, 2018 at 5:12 PM Andy Shevchenko
> <andriy.shevchenko@...ux.intel.com> wrote:
> > On Tue, Dec 04, 2018 at 02:30:28PM +0100, Petr Mladek wrote:
> > > On Thu 2018-11-29 12:59:40, Andy Shevchenko wrote:
> > > > There are users which print time and date represented by content of
> > > > struct rtc_time in human readable format.
> > > >
> > > > Instead of open coding that each time introduce %ptR[dt][r] specifier.
> >
> > > > +static void __init
> > > > +struct_rtc_time(void)
> > > > +{
> > > > +}
> > >
> > > Just by chance, do you have any plans to add the test code? ;-)
> > >
> > > I understand that you did now want to spend time on it before
> > > the real change was accepted.
> >
> > You see, there were several iterations with no consensus on everything:
> > specifier format changed 3 times, for example.
> >
> > But it might be good idea to eventually add couple simple tests at some point.
> >
> > Is it a show stopper?
> 
> Can the user trigger formatting, and exploit a bug in the formatting code?

Might happen, it's a software at the end.
Do we need to revisit all formatting specifiers right now?

In any case, to be productive out of this discussion, I would like to gather
test cases you want to see.

-- 
With Best Regards,
Andy Shevchenko

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ