lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Sat, 14 May 2022 21:10:27 +0900
From:   Vincent Mailhol <vincent.mailhol@...il.com>
To:     Max Staudt <max@...as.org>
Cc:     Wolfgang Grandegger <wg@...ndegger.com>,
        Marc Kleine-Budde <mkl@...gutronix.de>,
        linux-can@...r.kernel.org,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Oliver Neukum <oneukum@...e.com>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v6] can, tty: can327 CAN/ldisc driver for ELM327 based
 OBD-II adapters

On Fri. 14 May 2022 at 20:04, Max Staudt <max@...as.org> wrote:
> On Fri, 13 May 2022 11:38:31 +0900
> Vincent Mailhol <vincent.mailhol@...il.com> wrote:
> > > +/* Compare buffer to string length, then compare buffer to fixed
> > > string.
> > > + * This ensures two things:
> > > + *  - It flags cases where the fixed string is only the start of
> > > the
> > > + *    buffer, rather than exactly all of it.
> > > + *  - It avoids byte comparisons in case the length doesn't match.
> > > + *
> > > + * strncmp() cannot be used here because it accepts the following
> > > wrong case:
> > > + *   strncmp("CAN ER", "CAN ERROR", 6);
> >
> > What about:
> > strncmp("CAN ER", "CAN ERROR", 7);
> > ?
>
> NAK, because this may overread the buffer by one byte (the NUL byte).
> I am comparing naked bytes, not NUL-terminated strings.

Right, I missed the fact that the first argument was not Null terminated.
Your example is misleading: "CAN ER" is a string literal which is NULL
terminated, it doesn't reflect the use case.

My suggestion: first rename the function to reflect the feature it
brings. For example: elm327_rxbuff_cmp(). Naming it as if it was a
library is also misleading.

Also make it return bool.

For example, I would write it like in this fashion:

/*
 * elm327_rxfuff_cmp - compare received buffer against expected error message
 * @rxbuff: received buffer. Not NUL-terminated.
 * @rxbuff_len: size of @rxbuff.
 * @err_msg: error message against which we compare. Must be NUL-terminated.
 *
 * This function flags cases where the @rxbuff is only the start of @err_msg
 *  rather than exactly all of it.
 */
static inline bool elm327_rxbuff_cmp(const u8 *rxbuff, size_t
rxbuff_len, const char *err_msg)
{
       size_t err_len = strlen(err_msg);

       return (rxbuff_len == err_len) && !memcmp(rxbuff, err_msg, rxbuff_len);
}

Naming the arguments instead of using generic terms such as buffer and
string make it easier to follow what you are doing. The important
message is that @rxbuff is not terminated. With this information, it
becomes clear that the string functions can not be used in
replacement, no need to explicitly tell it.

[...]

Other answers are OK.

Powered by blists - more mailing lists