lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Sat, 04 Jul 2020 22:32:50 +0200
From:   "Kars Mulder" <kerneldev@...smulder.nl>
To:     "Andy Shevchenko" <andy.shevchenko@...il.com>
Cc:     "David Laight" <David.Laight@...lab.com>,
        "Greg Kroah-Hartman" <gregkh@...uxfoundation.org>,
        "Pavel Machek" <pavel@....cz>,
        linux-kernel@...r.kernel.org 
        <linux-kernel@...r.kernel.org>,
        "Kai-Heng Feng" <kai.heng.feng@...onical.com>
Subject: Re: Writing to a const pointer: is this 
 supposed to happen?

On Saturday, July 04, 2020 16:39 CEST, Andy Shevchenko wrote: 
> > I've searched for a function that parses an int from a string and
> > stores a pointer to the end; I can find some function simple_strtoul
> > that matches this criterion, but it's documented as
> >
> >     "This function has caveats. Please use kstrtoul instead."
> >
> > ... and kstrtoul does not store a pointer to the end. The documentation
> > of kstrtoul describes simple_strtoul as obsolete as well.
> 
> 
>  Where? We need to fix that, because using simple_strto*() is fairly legal
> in cases like this, but "has caveats".

In lib/vsprintf.c, the comments before the function's implementation say:

    /**
     * simple_strtoul - convert a string to an unsigned long
     * @cp: The start of the string
     * @endp: A pointer to the end of the parsed string will be placed here
     * @base: The number base to use
     *
     * This function has caveats. Please use kstrtoul instead.
     */

Many variants upon kstrtoul, such as kstrtoull, defined in lib/kstrtox.c,
describe the simple_strtoull function as obsolete:

    /**
     * kstrtoull - convert a string to an unsigned long long
     * [...]
     *
     * Returns 0 on success, -ERANGE on overflow and -EINVAL on parsing error.
     * Used as a replacement for the obsolete simple_strtoull. Return code must
     * be checked.
     */

I seem to have been slightly inaccurate about my claim that "kstrtoul"
describes simple_strtoul as "obsolete" though, because in the specific
case of kstrtoul, include/linux/kernel.h only says:

    /**
     * kstrtoul - convert a string to an unsigned long
     * [...]
     *
     * Returns 0 on success, -ERANGE on overflow and -EINVAL on parsing error.
     * Used as a replacement for the simple_strtoull. Return code must be checked.
    */

(Also, there may be a documentation error here: all kstrto* functions in
kstrtox.c and kernel.h describe themselves as replacements of simple_strtoull.
E.g. kstrtol and kstrtoul also describe themselves as replacements of
simple_strtoull rather than as a replacements of simple_strtol and
simple_strtoul respectively.)

By the way, I found the documentation of the caveat somewhere in
include/linux/kernel.h:

    /*
     * Use kstrto<foo> instead.
     *
     * NOTE: simple_strto<foo> does not check for the range overflow and,
     *	 depending on the input, may give interesting results.
     *
     * Use these functions if and only if you cannot use kstrto<foo>, because
     * the conversion ends on the first non-digit character, which may be far
     * beyond the supported range. It might be useful to parse the strings like
     * 10x50 or 12:21 without altering original string or temporary buffer in use.
     * Keep in mind above caveat.
     */

Powered by blists - more mailing lists