lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAJX1YtbvVCkzP9AyTd_hZXzN9LV=YgxOZRO17zZRCgTB=MFj3w@mail.gmail.com>
Date:   Fri, 2 Apr 2021 21:41:38 +0200
From:   Gioh Kim <gi-oh.kim@...os.com>
To:     Nick Desaulniers <ndesaulniers@...gle.com>
Cc:     LKML <linux-kernel@...r.kernel.org>,
        Jinpu Wang <jinpu.wang@...os.com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Kees Cook <keescook@...omium.org>
Subject: Re: [PATCH] lib/string: Introduce sysfs_streqcase

On Fri, Apr 2, 2021 at 8:17 PM Nick Desaulniers <ndesaulniers@...gle.com> wrote:
>
> Thanks for the patch!
>
> + akpm (please remember to run ./scripts/get_maintainer.pl on your patch files)
>
> On Fri, Apr 2, 2021 at 2:41 AM Gioh Kim <gi-oh.kim@...os.com> wrote:
> >
> > As the name shows, it checks if strings are equal in case insensitive
> > manner. I found some cases using strncasecmp to check the entire
> > strings and they would not work as intended.
> >
> > For example, drivers/infiniband/ulp/rtrs/rtrs-clt-sysfs.c uses
> > strncasecmp to check that the input via sysfs is "mi". But it would
> > work even-if the input is "min-wrongcommand".
> > And also drivers/pnp/interface.c checks "disable" command with
> > strncasecmp but it would also work if the command is "disable-wrong".
>
> Perhaps those callers should be using strcasecmp then, rather than strncasecmp?
>
> Also, if they're being liberal in accepting either case, I don't see
> why the sysfs nodes should be strict in rejecting trailing input at
> that point.
>



On Fri, Apr 2, 2021 at 8:17 PM Nick Desaulniers <ndesaulniers@...gle.com> wrote:
>
> Thanks for the patch!
>
> + akpm (please remember to run ./scripts/get_maintainer.pl on your patch files)
>
> On Fri, Apr 2, 2021 at 2:41 AM Gioh Kim <gi-oh.kim@...os.com> wrote:
> >
> > As the name shows, it checks if strings are equal in case insensitive
> > manner. I found some cases using strncasecmp to check the entire
> > strings and they would not work as intended.
> >
> > For example, drivers/infiniband/ulp/rtrs/rtrs-clt-sysfs.c uses
> > strncasecmp to check that the input via sysfs is "mi". But it would
> > work even-if the input is "min-wrongcommand".
> > And also drivers/pnp/interface.c checks "disable" command with
> > strncasecmp but it would also work if the command is "disable-wrong".
>
> Perhaps those callers should be using strcasecmp then, rather than strncasecmp?
>
> Also, if they're being liberal in accepting either case, I don't see
> why the sysfs nodes should be strict in rejecting trailing input at
> that point.
>

strcasecmp does not work when a user inputs the command with echo.
We can force the human to use 'echo -n' but there are also some applications
that pass the command with \n. If the command includes \n, strcasecmp does
not work.

In short, I need a function working well for both case-insensitive string and
a string followed by '\n'.

I am not native speaker of English. I think the below example can show
my problem.

Below is the original code. That code does not work because of the \n
in the command.

char buf[] = "mi\n";

if (strcasecmp(buf, "min-inflight")  == 0 ||
    strcasecmp(buf, "mi") == 0)
    printf("inflight\n");
else if (strcasecmp(buf, "min-latency") == 0 ||
    strcasecmp(buf, "ml") == 0)
    printf("latency\n");
else
    printf("wrong\n");

Below is the current code in RTRS module. We replaced strcasecmp with
strncasecmp.
That works well but ugly and error-prone.

size_t len = 0;
len = strlen(buf);
if (buf[len - 1] == '\n')
    len--;
if (strncasecmp(buf, "min-inflight", 12)  == 0 ||
    (len == 2 && strncasecmp(buf, "mi", 2) == 0))
    printf("inflight\n");
else if (strncasecmp(buf, "min-latency", 11) == 0 ||
    (len == 2 && strncasecmp(buf, "ml", 2)) == 0)
    printf("latency\n");
else
    printf("wrong\n");

I think sysfs_streqcase could be the best option as below.

if (sysfs_streqcase(buf, "min-inflight") ||
    sysfs_streqcase(buf, "mi"))
    printf("inflight\n");
else if (sysfs_streqcase(buf, "min-latency") ||
    sysfs_streqcase(buf, "ml"))
    printf("latency\n");
else
    printf("wrong\n");


I think that case is not my own problem.
I think some code handling debugfs and sysfs also have the same problem.

>
> This should be declared in
> include/linux/string.h
> in order for others to use this (as 0day bot notes).

Thank you for the kind review.
I will add the declaration if I get the positive feedback for sysfs_streqcase.

>
> > +
> >  /**
> >   * match_string - matches given string in an array
> >   * @array:     array of strings
> > --
> > 2.25.1
> >
>
>
> --
> Thanks,
> ~Nick Desaulniers

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ