lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20230120213802.2467-1-apantykhin@gmail.com>
Date:   Sat, 21 Jan 2023 02:38:02 +0500
From:   Alexander Pantyukhin <apantykhin@...il.com>
To:     andriy.shevchenko@...ux.intel.com
Cc:     hch@....de, linux-kernel@...r.kernel.org,
        Alexander Pantyukhin <apantykhin@...il.com>
Subject: [PATCH] kib/uuid.c: add check for length for uuid_is_valid

Add check for length strict equality for uuid is valid

Signed-off-by: Alexander Pantyukhin <apantykhin@...il.com>
---
 lib/test_uuid.c | 1 +
 lib/uuid.c      | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/lib/test_uuid.c b/lib/test_uuid.c
index cd819c397dc7..7a3d258fa695 100644
--- a/lib/test_uuid.c
+++ b/lib/test_uuid.c
@@ -37,6 +37,7 @@ static const char * const test_uuid_wrong_data[] = {
 	"c33f4995-3701-450e-9fbf206a2e98e576 ",	/* no hyphen(s) */
 	"64b4371c-77c1-48f9-8221-29f054XX023b",	/* invalid character(s) */
 	"0cb4ddff-a545-4401-9d06-688af53e",	/* not enough data */
+	"0cb4ddff-a545-4401-9d06-688af53e7f8412" /* too much data */
 };
 
 static unsigned total_tests __initdata;
diff --git a/lib/uuid.c b/lib/uuid.c
index e309b4c5be3d..ca10e2b4334b 100644
--- a/lib/uuid.c
+++ b/lib/uuid.c
@@ -89,6 +89,9 @@ bool uuid_is_valid(const char *uuid)
 {
 	unsigned int i;
 
+	if (strlen(uuid) != UUID_STRING_LEN)
+		return false;
+
 	for (i = 0; i < UUID_STRING_LEN; i++) {
 		if (i == 8 || i == 13 || i == 18 || i == 23) {
 			if (uuid[i] != '-')
-- 
2.25.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ