lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 27 Mar 2019 16:26:27 +0100
From:   Rasmus Villemoes <linux@...musvillemoes.dk>
To:     Jacek Anaszewski <jacek.anaszewski@...il.com>,
        Rasmus Villemoes <linux@...musvillemoes.dk>,
        Pavel Machek <pavel@....cz>,
        Uwe Kleine-König <u.kleine-koenig@...gutronix.de>
Cc:     LKML <linux-kernel@...r.kernel.org>, linux-leds@...r.kernel.org
Subject: Re: [PATCH v2 1/6] leds: netdev trigger: use memcpy in
 device_name_store

On 26/03/2019 20.53, Jacek Anaszewski wrote:
> Hi Rasmus,
> 
> Thank you for the patch.
> 
> On 3/14/19 3:06 PM, Rasmus Villemoes wrote:
>> If userspace doesn't end the input with a newline (which can easily
>> happen if the write happens from a C program that does write(fd,
>> iface, strlen(iface))), we may end up including garbage from a
>> previous, longer value in the device_name. For example
>>
>> # cat device_name
>>
>> # printf 'eth12' > device_name
>> # cat device_name
>> eth12
>> # printf 'eth3' > device_name
>> # cat device_name
>> eth32
>>
> 
> Added tag:
> 
> Fixes: 06f502f57d0d ("leds: trigger: Introduce a NETDEV trigger")
> 
> and applied to the fixes-for-5.1-rc3 branch.
> 

You're stripping lines beginning with #. This is the commit in -next:


commit 09466021a80c926aa7de68e5162bdfea2a117483
Author: Rasmus Villemoes <linux@...musvillemoes.dk>
Date:   Thu Mar 14 15:06:14 2019 +0100

    leds: netdev trigger: use memcpy in device_name_store

    If userspace doesn't end the input with a newline (which can easily
    happen if the write happens from a C program that does write(fd,
    iface, strlen(iface))), we may end up including garbage from a
    previous, longer value in the device_name. For example

    eth12
    eth32

which is entirely useless and confusing. Please fix this before it
actually hits mainline. And you may want to look into "git commit
--cleanup" and/or "git config commit.cleanup" (scissors is much better
than the default strip).

Rasmus

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ