lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20181219153447.3684100d@gandalf.local.home>
Date:   Wed, 19 Dec 2018 15:34:47 -0500
From:   Steven Rostedt <rostedt@...dmis.org>
To:     Joe Perches <joe@...ches.com>
Cc:     Tom Zanussi <zanussi@...nel.org>, tglx@...utronix.de,
        mhiramat@...nel.org, namhyung@...nel.org, vedang.patel@...el.com,
        bigeasy@...utronix.de, joel@...lfernandes.org,
        mathieu.desnoyers@...icios.com, julia@...com,
        linux-kernel@...r.kernel.org, linux-rt-users@...r.kernel.org
Subject: Re: [PATCH 2/7] tracing: Change strlen to sizeof for hist trigger
 static strings

On Wed, 19 Dec 2018 12:22:38 -0800
Joe Perches <joe@...ches.com> wrote:

> On Wed, 2018-12-19 at 14:16 -0600, Tom Zanussi wrote:
> > 
> > How's this?
> > 
> > [PATCH] tracing: Introduce and use strcmp_const() for hist triggers
> > 
> > Provide a new strcmp_const() macro and make use of it instead of the
> > longer and more error-prone strncmp(str, "str", sizeof("str") - 1).  
> []
> > diff --git a/kernel/trace/trace_events_hist.c b/kernel/trace/trace_events_hist.c  
> []
> > @@ -22,6 +22,9 @@
> >  
> >  #define STR_VAR_LEN_MAX		32 /* must be multiple of sizeof(u64) */
> >  
> > +#define strcmp_const(str, str_const) \
> > +	strncmp(str, str_const, sizeof(str_const) - 1)  
> 
> Not good as it's too easy to pass a pointer as str_const
> and sizeof(pointer) - 1 isn't likely the string length.

Agreed. And I noticed that this is used all over the kernel, so I'm not
going to add this patch. I'm going to add a:

#define strncmp_prefix(str, prefix) \
	strncmp(str, prefix, strlen(prefix))

in include/linux/string.h

And go around and use that throughout the kernel. By doing a quick
grep, I already spotted a few bugs.

-- Steve

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ