| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 6 Feb 2022 10:34:11 -0800
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Kees Cook <keescook@...omium.org>
Cc: Alexander Popov <alex.popov@...ux.com>,
Peter Zijlstra <peterz@...radead.org>,
Thomas Gleixner <tglx@...utronix.de>,
Josh Poimboeuf <jpoimboe@...hat.com>,
Borislav Petkov <bp@...en8.de>,
Masahiro Yamada <masahiroy@...nel.org>,
linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org
Subject: Re: [PATCH 2/3] gcc-plugins/stackleak: Exactly match strings instead
of prefixes
On Sun, Feb 6, 2022 at 9:45 AM Kees Cook <keescook@...omium.org> wrote:
>
> + return !strncmp(TREE_STRING_POINTER(node), string, length);
Why is this "strncmp()"? That makes no sense when you've just checked
the exact lengths of both sides.
You're not comparing strings any more, you've already checked the end
of the string - you are comparing memory contents.
So make it just do a "memcmp()".
> +#define STRING_EQUAL(node, str) string_equal(node, str, strlen(str))
.. and please change this name too, since it's not comparing two
strings. The first argument is something else entirely.
It's checking the node value of a section, give it some name related to that.
I do also get the feeling that the nodes should actually be checked to
be a STRING_CST rather than these blind TREE_VALUE() following things,
but I don't really know the rules for gcc plugin internals very well -
or at all, really.
Linus
Powered by blists - more mailing lists