lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 19 Dec 2018 12:51:59 -0800
From:   Joe Perches <joe@...ches.com>
To:     Steven Rostedt <rostedt@...dmis.org>
Cc:     Tom Zanussi <zanussi@...nel.org>, tglx@...utronix.de,
        mhiramat@...nel.org, namhyung@...nel.org, vedang.patel@...el.com,
        bigeasy@...utronix.de, joel@...lfernandes.org,
        mathieu.desnoyers@...icios.com, julia@...com,
        linux-kernel@...r.kernel.org, linux-rt-users@...r.kernel.org
Subject: Re: [PATCH 2/7] tracing: Change strlen to sizeof for hist trigger
 static strings

On Wed, 2018-12-19 at 15:34 -0500, Steven Rostedt wrote:
> On Wed, 19 Dec 2018 12:22:38 -0800
> Joe Perches <joe@...ches.com> wrote:
> 
> > On Wed, 2018-12-19 at 14:16 -0600, Tom Zanussi wrote:
> > > How's this?
> > > 
> > > [PATCH] tracing: Introduce and use strcmp_const() for hist triggers
> > > 
> > > Provide a new strcmp_const() macro and make use of it instead of the
> > > longer and more error-prone strncmp(str, "str", sizeof("str") - 1).  
> > []
> > > diff --git a/kernel/trace/trace_events_hist.c b/kernel/trace/trace_events_hist.c  
> > []
> > > @@ -22,6 +22,9 @@
> > >  
> > >  #define STR_VAR_LEN_MAX		32 /* must be multiple of sizeof(u64) */
> > >  
> > > +#define strcmp_const(str, str_const) \
> > > +	strncmp(str, str_const, sizeof(str_const) - 1)  
> > 
> > Not good as it's too easy to pass a pointer as str_const
> > and sizeof(pointer) - 1 isn't likely the string length.
> 
> Agreed. And I noticed that this is used all over the kernel, so I'm not
> going to add this patch. I'm going to add a:
> 
> #define strncmp_prefix(str, prefix) \
> 	strncmp(str, prefix, strlen(prefix))
> 
> in include/linux/string.h
> 
> And go around and use that throughout the kernel. By doing a quick
> grep, I already spotted a few bugs.

I hope you also convert the existing uses like

	strncmp(str1, "str2", 4)

where the length value is precalculated to the strlen
of the const string

But there seem to be _a lot_ of those...

$ git grep -P "\bstrncmp\s*\([^,]+,[^,]+,\s*\d+\s*\)" | wc -l
1681

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ