lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20181211152113.8523-1-thomas.preston@codethink.co.uk>
Date:   Tue, 11 Dec 2018 15:21:11 +0000
From:   Thomas Preston <thomas.preston@...ethink.co.uk>
To:     akpm@...ux-foundation.org, pmladek@...e.com,
        andriy.shevchenko@...ux.intel.com, rostedt@...dmis.org,
        geert+renesas@...der.be, corbet@....net, me@...in.cc,
        sergey.senozhatsky@...il.com, linux-kernel@...r.kernel.org
Cc:     Thomas Preston <thomas.preston@...ethink.co.uk>
Subject: [PATCH 0/2] vsprintf Stop using obsolete simple_strtoul()

Hi,
We've fixed a bug with sscanf(). When passing in a 16-digit hex-string like so:

	sscanf("fafafafa0b0b0b0b", "%8x%8x", &hi, &lo)

The resulting value in hi is always 0. This is because vsscanf() uses the
obsolete and broken functions simple_strtoul() and simple_strtoull(), which we
have replaced.

Many thanks,
Thomas

Thomas Preston (2):
  vsprintf: Specify type for union val members
  vsprintf: Stop using obsolete simple_strtoul()

 lib/vsprintf.c | 66 ++++++++++++++++++++++++++++++++++++++--------------------
 1 file changed, 43 insertions(+), 23 deletions(-)

-- 
2.11.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ