lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 5 Jan 2021 11:13:21 -0700
From:   Shuah Khan <skhan@...uxfoundation.org>
To:     Brahadambal Srinivasan <latha@...ux.vnet.ibm.com>,
        shuah@...nel.org, trenn@...e.com
Cc:     linux-pm@...r.kernel.org, linux-kernel@...r.kernel.org,
        Shuah Khan <skhan@...uxfoundation.org>
Subject: Re: [PATCH] cpuidle_set accepts alpha numeric values for idle-set
 operation

On 1/5/21 11:03 AM, Shuah Khan wrote:
> On 1/5/21 5:24 AM, Brahadambal Srinivasan wrote:
>> For both the d and e options in cpuidle_set, an atoi() conversion is
>> done without checking if the input argument is all numeric. So, an
>> atoi conversion is done on any character provided as input and the
>> CPU idle_set operation continues with that integer value, which may
>> not be what is intended or entirely correct.
>>
>> A similar check is present for cpufreq-set already.
>>
>> This patch adds a check to see that the idle_set value is all numeric
>> before doing a string-to-int conversion.
>>
>> Signed-off-by: Brahadambal Srinivasan <latha@...ux.vnet.ibm.com>
>> ---
>>   tools/power/cpupower/utils/cpuidle-set.c | 39 +++++++++++++++++++++---
>>   1 file changed, 34 insertions(+), 5 deletions(-)
>>
>> diff --git a/tools/power/cpupower/utils/cpuidle-set.c 
>> b/tools/power/cpupower/utils/cpuidle-set.c
>> index 46158928f9ad..b3dec48e7141 100644
>> --- a/tools/power/cpupower/utils/cpuidle-set.c
>> +++ b/tools/power/cpupower/utils/cpuidle-set.c
>> @@ -21,6 +21,19 @@ static struct option info_opts[] = {
>>        { },
>>   };
>> +int is_number(char *arg)
>> +{
>> +    size_t len, i = 0;
>> +
>> +    len = strlen(arg);
>> +
>> +    for (i = 0; i < len; i++) {
>> +        if (!isdigit(arg[i]))
>> +            return 0;
>> +    }
>> +
>> +    return 1;
>> +}
> 
> Any reason why you can't use isdigit()? Please see isdigit()
> usages examples in other tools and cpupower itself.
> 

Another thing. Please add "cpupower:" to identify what you are
changing clearly.

thanks,
-- Shuah

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ