Date:   Sun, 23 Dec 2018 01:46:05 +0900
From:   Namhyung Kim <namhyung@...nel.org>
To:     Steven Rostedt <rostedt@...dmis.org>
Cc:     LKML <linux-kernel@...r.kernel.org>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Ingo Molnar <mingo@...nel.org>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Joe Perches <joe@...ches.com>,
        Masami Hiramatsu <mhiramat@...nel.org>,
        Tom Zanussi <zanussi@...nel.org>,
        Andreas Schwab <schwab@...ux-m68k.org>, kernel-team@....com
Subject: Re: [PATCH v4] string.h: Add str_has_prefix() helper function

On Sat, Dec 22, 2018 at 11:16:30AM -0500, Steven Rostedt wrote:
> On Sat, 22 Dec 2018 10:12:44 -0500
> Steven Rostedt <rostedt@...dmis.org> wrote:
> 
> > On Sat, 22 Dec 2018 23:24:11 +0900
> > Namhyung Kim <namhyung@...nel.org> wrote:
> > 
> > > > No, because we don't know the length of str.
> > > > 
> > > > 
> > > > 	[ str = "h\0[bad memory]" ]
> 
> 
> > > 
> > > I don't know what's the bad memory causing memory fault but anyway
> 
> What I meant by that is if a string is allocated at the end of a page,
> and the next page is marked as not present. A read into that page will
> cause a page fault, and since memcmp() does not stop at the '\0' it
> will read into that not-present memory and trigger a fault, and that
> read won't be in the exception table, and it will then BUG.

Why doesn't it stop at the '\0' if one has it and the other doesn't?
It's not because it's '\0', it's because they are different.  The '\0'
should be in the prev page (otherwise it's already a BUG) so it should
be detected and stopped before going to the next page IMHO.


> 
> > > memcpy() should stop at the NUL character first as it's different, no?  
> > 
> > No, that's the difference between memcpy() and strncpy(), memcpy()
> > doesn't care about nul characters. It's copying memory not strings.
> 
> I think we both meant s/cpy/cmp/ ;-)

Sure..  sorry about that.

I know the difference between memcpy() and strcpy().  But this is
comparing so it should stop.

Thanks,
Namhyung
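
The layout discussed in this thread (a string whose NUL is the last byte of a page, with the next page not present), reproduced in userspace as an added example that is not part of the original message or the patch. `str_has_prefix()` here is a strncmp()-based sketch assumed from the patch subject, and `place_at_page_end()` and `check_guarded()` are hypothetical helpers. Only the bounded strncmp() path is exercised; memcmp() with a length reaching past the readable object is not run, because that is undefined behaviour in C.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE          /* for MAP_ANONYMOUS */
#endif
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Sketch: length of prefix if str starts with it, else 0. strncmp()
 * stops at the first difference or NUL, so it never needs strlen(str). */
static size_t str_has_prefix(const char *str, const char *prefix)
{
    size_t len = strlen(prefix);

    return strncmp(str, prefix, len) == 0 ? len : 0;
}

/* Hypothetical helper: copy s so its NUL is the last byte of a readable
 * page and the following page is PROT_NONE (any access there faults).
 * The mapping is intentionally leaked; this is a short-lived demo. */
static char *place_at_page_end(const char *s)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t n = strlen(s) + 1;
    char *base;

    if (n > page)
        return NULL;
    base = mmap(NULL, 2 * page, PROT_READ | PROT_WRITE,
                MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED || mprotect(base + page, page, PROT_NONE) != 0)
        return NULL;
    return memcpy(base + page - n, s, n);
}

/* Run the prefix check on a guarded copy of s; (size_t)-1 on setup failure. */
static size_t check_guarded(const char *s, const char *prefix)
{
    char *str = place_at_page_end(s);

    return str ? str_has_prefix(str, prefix) : (size_t)-1;
}

int main(void)
{
    /* Constructed inputs; the first is the "h\0[bad memory]" case. */
    printf("%zu\n", check_guarded("h", "hello"));
    printf("%zu\n", check_guarded("hello world", "hello"));
    return 0;
}
```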
