| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <b0851627-5c27-c4b6-7807-276131728d0e@yandex-team.ru>
Date: Mon, 11 Mar 2019 10:22:24 +0300
From: Konstantin Khlebnikov <khlebnikov@...dex-team.ru>
To: Linus Torvalds <torvalds@...ux-foundation.org>,
Rasmus Villemoes <linux@...musvillemoes.dk>
Cc: Linux List Kernel Mailing <linux-kernel@...r.kernel.org>,
Tejun Heo <tj@...nel.org>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Andrew Morton <akpm@...ux-foundation.org>,
Alexey Dobriyan <adobriyan@...il.com>
Subject: Re: [PATCH v1 2/6] lib: scanf: handle integer overflows in vsscanf
On 11.03.2019 0:52, Linus Torvalds wrote:
> On Sun, Mar 10, 2019 at 2:06 PM Rasmus Villemoes
> <linux@...musvillemoes.dk> wrote:
>>
>> IIRC, this has been attempted before, causing a userspace regression
>> because some sysfs/procfs file matched with %u or %x, and somebody wrote
>> -1 to get 0xffffffff .
>
> .. which is correct anyway. That's how scanf is supposed to work.
Well. In this case '%u' sscanf in kernel is already broken.
%u does not accept minus sign and looks like never does.
'is_sign' is set only for %d and %i,
without it string couldn't pass initial check of first "digit".
More over simple_strtoul never accepted '-'.
Glibc version indeed accepts '-1' as %u and returns 0xFFFFFFFF
which isn't in manpage:' optionally signed' mentioned only for %d and %i.
But this explicitly mentioned in manpage for 'stroul'.
>
> If somebody needs overflow checking, they shouldn't be using scanf.
>
> Linus
>
Powered by blists - more mailing lists