| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20201112120427.72c0a237@gandalf.local.home>
Date: Thu, 12 Nov 2020 12:04:27 -0500
From: Steven Rostedt <rostedt@...dmis.org>
To: Richard Fitzgerald <rf@...nsource.cirrus.com>
Cc: <pmladek@...e.com>, <sergey.senozhatsky@...il.com>,
<linux-kernel@...r.kernel.org>, <patches@...nsource.cirrus.com>
Subject: Re: [PATCH] lib: vsprintf: Avoid 32-bit truncation in vsscanf
number parsing
On Thu, 12 Nov 2020 15:46:46 +0000
Richard Fitzgerald <rf@...nsource.cirrus.com> wrote:
> See this thread from 2014 where the field width problem was raised and
> explained:
> http://lkml.iu.edu/hypermail/linux/kernel/1401.1/03443.html
>
> and the reply from Linus Torvalds that was against fixing field width
> handling:
> http://lkml.iu.edu/hypermail/linux/kernel/1401.1/03488.html
Thanks for the pointers, but note, that references to older emails should
use https://lore.kernel.org/ as these links format the output really
horribly.
>
> which I assume is why the field handling wasn't unoptimized to be
> strictly correct.
>
> Nevertheless, I see no reason not to remove avoidable inconsistencies
> from the current design.
Yes, but perhaps its time to fix the real problem and not just add
band-aids. That thread is over 6 years old (the email was from Jan 14, 2014)
$ git diff `git rev-list --before 'Jan 14 2014' HEAD --max-count=1` |
grep '^+' | grep sscanf | wc -l
622
There's been over 600 new additions of sscanf(). Now is the time to just
fix it correctly.
-- Steve
Powered by blists - more mailing lists