| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 19 Mar 2021 15:28:56 -0300
From: Arnaldo Carvalho de Melo <acme@...hat.com>
To: hyunji-Hong <onlygod0807@...il.com>
Cc: linux-kernel@...r.kernel.org
Subject: Re: [PATCH] Tools: lib: string: Fix isspace() parameter to avoid
undefined behavior
Em Fri, Mar 19, 2021 at 09:14:15AM +0900, hyunji-Hong escreveu:
> isspace() could be vulnerable in terms of unpredictable results. So, the parameter of the isspace() should be cast with 'unsigned int'. We found out that information through these sites. (Microsoft, Stack Overflow)
> url: [https://docs.microsoft.com/en-us/cpp/code-quality/c6328?view=msvc-160]
> url: [https://stackoverflow.com/questions/122721]
tools/ and the kernel versions of isspace are implemented in
include/linux/ctype.h and tools/include/linux/ctype.h.
- Arnaldo
> Signed-off-by: SeungHoon Woo, Hyunji Hong, Kyeongseok Yang <hyunji_hong@...ea.ac.kr>
> ---
> tools/lib/string.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/tools/lib/string.c b/tools/lib/string.c
> index 8b6892f959ab..7d01be5cdcf8 100644
> --- a/tools/lib/string.c
> +++ b/tools/lib/string.c
> @@ -123,7 +123,7 @@ size_t __weak strlcpy(char *dest, const char *src, size_t size)
> */
> char *skip_spaces(const char *str)
> {
> - while (isspace(*str))
> + while (isspace((unsigned char)*str))
> ++str;
> return (char *)str;
> }
> @@ -146,7 +146,7 @@ char *strim(char *s)
> return s;
>
> end = s + size - 1;
> - while (end >= s && isspace(*end))
> + while (end >= s && isspace((unsigned char)*end))
> end--;
> *(end + 1) = '\0';
>
> --
> 2.17.1
Powered by blists - more mailing lists