lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20201124012342.GA6592@hoboy.vegasvil.org>
Date:   Mon, 23 Nov 2020 17:23:42 -0800
From:   Richard Cochran <richardcochran@...il.com>
To:     min.li.xe@...esas.com
Cc:     netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 net] ptp: clockmatrix: bug fix for idtcm_strverscmp

On Mon, Nov 23, 2020 at 03:20:06PM -0500, min.li.xe@...esas.com wrote:
> From: Min Li <min.li.xe@...esas.com>
> 
> Feed kstrtou8 with NULL terminated string.
> 
> Changes since v1:
> -Use strscpy instead of strncpy for safety.
> 
> Signed-off-by: Min Li <min.li.xe@...esas.com>
> ---
>  drivers/ptp/ptp_clockmatrix.c | 60 ++++++++++++++++++++++++++++++-------------
>  tools/bpf/example             | 12 +++++++++
>  tools/bpf/novlan              |  7 +++++
>  3 files changed, 61 insertions(+), 18 deletions(-)
>  create mode 100644 tools/bpf/example
>  create mode 100644 tools/bpf/novlan
> 
> diff --git a/drivers/ptp/ptp_clockmatrix.c b/drivers/ptp/ptp_clockmatrix.c
> index e020faf..d4e434b 100644
> --- a/drivers/ptp/ptp_clockmatrix.c
> +++ b/drivers/ptp/ptp_clockmatrix.c
> @@ -103,42 +103,66 @@ static int timespec_to_char_array(struct timespec64 const *ts,
>  	return 0;
>  }
>  
> -static int idtcm_strverscmp(const char *ver1, const char *ver2)
> +static int idtcm_strverscmp(const char *version1, const char *version2)
>  {
>  	u8 num1;
>  	u8 num2;
>  	int result = 0;
> +	char ver1[16];
> +	char ver2[16];
> +	char *cur1;
> +	char *cur2;
> +	char *next1;
> +	char *next2;
> +
> +	if (strscpy(ver1, version1, 16) < 0 ||
> +	    strscpy(ver2, version2, 16) < 0)
> +		return -1;
> +	cur1 = ver1;
> +	cur2 = ver2;
>  
>  	/* loop through each level of the version string */
>  	while (result == 0) {
> +		next1 = strchr(cur1, '.');
> +		next2 = strchr(cur2, '.');
> +
> +		/* kstrtou8 could fail for dot */
> +		if (next1) {
> +			*next1 = '\0';
> +			next1++;
> +		}
> +
> +		if (next2) {
> +			*next2 = '\0';
> +			next2++;
> +		}
> +

All of this looping and ad-hoc string parsing can be make MUCH
simpler by using sscanf() and then comparing the binary values
directly.

>  		/* extract leading version numbers */
> -		if (kstrtou8(ver1, 10, &num1) < 0)
> +		if (kstrtou8(cur1, 10, &num1) < 0)
>  			return -1;
>  
> -		if (kstrtou8(ver2, 10, &num2) < 0)
> +		if (kstrtou8(cur2, 10, &num2) < 0)
>  			return -1;
>  
>  		/* if numbers differ, then set the result */
>  		if (num1 < num2)
> +			return -1;
> +		if (num1 > num2)
> +			return 1;
> +
> +		/* if numbers are the same, go to next level */
> +		if (!next1 && !next2)
> +			break;
> +		else if (!next1) {
>  			result = -1;
> -		else if (num1 > num2)
> +		} else if (!next2) {
>  			result = 1;
> -		else {
> -			/* if numbers are the same, go to next level */
> -			ver1 = strchr(ver1, '.');
> -			ver2 = strchr(ver2, '.');
> -			if (!ver1 && !ver2)
> -				break;
> -			else if (!ver1)
> -				result = -1;
> -			else if (!ver2)
> -				result = 1;
> -			else {
> -				ver1++;
> -				ver2++;
> -			}
> +		} else {
> +			cur1 = next1;
> +			cur2 = next2;
>  		}
>  	}
> +
>  	return result;
>  }
>  

> diff --git a/tools/bpf/example b/tools/bpf/example
> new file mode 100644
> index 0000000..a0ac81f
> --- /dev/null
> +++ b/tools/bpf/example
> @@ -0,0 +1,12 @@
> +  ldh [12]
> +  jne #0x8100, nonvlan
> +  ldh [16]
> +  jne #0x88f7, bad
> +  ldb [18]
> +  ja test
> +  nonvlan: jne #0x88f7, bad
> +  ldb [14]
> +  test: and #0x8
> +  jeq #0, bad
> +  good: ret #1500
> +  bad: ret #0

Looks like this hunk and the next got included by mistake.

Thanks,
Richard

> diff --git a/tools/bpf/novlan b/tools/bpf/novlan
> new file mode 100644
> index 0000000..fe35288
> --- /dev/null
> +++ b/tools/bpf/novlan
> @@ -0,0 +1,7 @@
> +  ldh [12]
> +  jne #0x88f7, bad
> +  ldb [14]
> +  and #0x8
> +  jeq #0, bad
> +  good: ret #1500
> +  bad: ret #0
> -- 
> 2.7.4
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ